diff options
Diffstat (limited to 'g10/mainproc.c')
| -rw-r--r-- | g10/mainproc.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c index 453d1b07b..bd738abaa 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1805,19 +1805,26 @@ check_sig_and_print (CTX c, kbnode_t node) * favor this over the WKD method (to be tried next), because an * arbitrary keyserver is less subject to web bug like * monitoring. */ - /* if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY */ - /* && signature_hash_full_fingerprint (sig) */ - /* && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) */ - /* && keyserver_any_configured (c->ctrl)) */ - /* { */ - /* int res; */ - - /* glo_ctrl.in_auto_key_retrieve++; */ - /* res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver ); */ - /* glo_ctrl.in_auto_key_retrieve--; */ - /* if (!res) */ - /* rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); */ - /* } */ + if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY + && opt.flags.rfc4880bis + && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) + && keyserver_any_configured (c->ctrl)) + { + int res; + const byte *p; + size_t n; + + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n); + if (p && n == 21 && p[0] == 4) + { + /* v4 packet with a SHA-1 fingerprint. */ + glo_ctrl.in_auto_key_retrieve++; + res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver); + glo_ctrl.in_auto_key_retrieve--; + if (!res) + rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); + } + } /* If the above methods didn't work, our next try is to retrieve the * key from the WKD. */ |