diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/gpg.c | 26 | ||||
| -rw-r--r-- | g10/keyedit.c | 244 | ||||
| -rw-r--r-- | g10/keyedit.h | 3 | ||||
| -rw-r--r-- | g10/keylist.c | 56 | ||||
| -rw-r--r-- | g10/options.h | 1 |
5 files changed, 276 insertions, 54 deletions
@@ -130,6 +130,7 @@ enum cmd_and_opt_values aLSignKey, aQuickSignKey, aQuickLSignKey, + aQuickTSignKey, aQuickRevSig, aQuickAddUid, aQuickAddKey, @@ -529,6 +530,8 @@ static gpgrt_opt_t opts[] = { N_("quickly sign a key")), ARGPARSE_c (aQuickLSignKey, "quick-lsign-key", N_("quickly sign a key locally")), + ARGPARSE_c (aQuickTSignKey, "quick-tsign-key", + N_("quickly sign a key with a trust signature")), ARGPARSE_c (aQuickRevSig, "quick-revoke-sig" , N_("quickly revoke a key signature")), ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")), @@ -2129,6 +2132,8 @@ parse_list_options(char *str) N_("show preferences")}, {"show-ownertrust", LIST_SHOW_OWNERTRUST, NULL, N_("show ownertrust")}, + {"show-trustsig", LIST_SHOW_TRUSTSIG, NULL, + N_("show trust signature information")}, {"show-only-fpr-mbox",LIST_SHOW_ONLY_FPR_MBOX, NULL, NULL}, {"sort-sigs", LIST_SORT_SIGS, NULL, @@ -2732,6 +2737,7 @@ main (int argc, char **argv) case aSign: case aQuickSignKey: case aQuickLSignKey: + case aQuickTSignKey: case aQuickRevSig: case aSignKey: case aLSignKey: @@ -4713,7 +4719,25 @@ main (int argc, char **argv) sl = NULL; for( ; argc; argc--, argv++) append_to_strlist2 (&sl, *argv, utf8_strings); - keyedit_quick_sign (ctrl, fpr, sl, locusr, (cmd == aQuickLSignKey)); + keyedit_quick_sign (ctrl, fpr, sl, locusr, + NULL, (cmd == aQuickLSignKey)); + free_strlist (sl); + } + break; + + case aQuickTSignKey: + { + const char *fpr, *tsig; + + if (argc < 2) + wrong_args ("--quick-tsign-key fingerprint" + " depth,[m|f][,domain] [userids]"); + fpr = *argv++; argc--; + tsig = *argv++; argc--; + sl = NULL; + for( ; argc; argc--, argv++) + append_to_strlist2 (&sl, *argv, utf8_strings); + keyedit_quick_sign (ctrl, fpr, sl, locusr, tsig, 0); free_strlist (sl); } break; diff --git a/g10/keyedit.c b/g10/keyedit.c index 9f4e4d9e5..1f3f8f3b3 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -44,6 +44,7 @@ #include "../common/ttyio.h" #include "../common/status.h" #include "../common/i18n.h" +#include "../common/mbox-util.h" #include "keyserver-internal.h" #include "call-agent.h" #include "../common/host2net.h" @@ -111,6 +112,13 @@ static int update_trust = 0; #define CONTROL_D ('D' - 'A' + 1) +/* Flags values used by sign_uids(). */ +#define SIGN_UIDS_LOCAL 1 /* Create non-exportable sig. */ +#define SIGN_UIDS_NONREVOCABLE 2 /* Create non-revocable sig. */ +#define SIGN_UIDS_TRUSTSIG 4 /* Create trust signature. */ +#define SIGN_UIDS_INTERACTIVE 8 /* Change the way of prompting. */ +#define SIGN_UIDS_QUICK 16 /* Called by a --quick command. */ + struct sign_attrib { int non_exportable, non_revocable; @@ -373,6 +381,92 @@ sign_mk_attrib (PKT_signature * sig, void *opaque) } +/* Parse a trust signature specification string into the 3 return + * args. Returns 0 on success or an errorcode. Format for the string + * is + * ['T=']<depth>,<value>[,<domain>] + * The optional prefix is just to allow c+p from the --check-sigs + * output. The domain is optional, <depth> must be a value in the + * range 0 to 255, value may either be value in the same range or - + * preferred - 'm' or 'f'. + */ +static gpg_error_t +parse_trustsig_string (const char *string, + byte *trust_value, byte *trust_depth, char **regexp) +{ + gpg_error_t err = 0; + char **fields; + int nfields; + int along; + char *endp; + + *trust_value = 0; + *trust_depth = 0; + *regexp = NULL; + + if (!string) + return gpg_error (GPG_ERR_INV_ARG); + + if (*string == 'T' && string[1] == '=') + string += 2; + + fields = strtokenize (string, ","); + if (!fields) + return gpg_error_from_syserror (); + + for (nfields=0; fields[nfields]; nfields++) + ; + if (nfields < 2 || nfields > 3) + { + err = gpg_error (GPG_ERR_SYNTAX); + goto leave; + } + along = strtol (fields[0], &endp, 10); + if (along < 0 || along > 255 || fields[0] == endp || *endp) + { + err = gpg_error (GPG_ERR_ERANGE); + goto leave; + } + *trust_depth = along; + if (!strcmp (fields[1], "m")|| !strcmp (fields[1], "marginal")) + along = 60; + else if (!strcmp (fields[1], "f")|| !strcmp (fields[1], "full")) + along = 120; + else + { + along = strtol (fields[1], &endp, 10); + if (along < 0 || along > 255 || fields[1] == endp || *endp) + { + err = gpg_error (GPG_ERR_ERANGE); + goto leave; + } + } + *trust_value = along; + + if (nfields == 3) + { + if (!is_valid_domain_name (fields[2])) + err = gpg_error (GPG_ERR_NO_NAME); + else + { + *regexp = strconcat ("<[^>]+[@.]", fields[2], ">$", NULL); + if (!*regexp) + err = gpg_error_from_syserror (); + } + } + + leave: + xfree (fields); + if (err && *regexp) + { + xfree (*regexp); + *regexp = NULL; + } + return err; +} + + +/* Interactive version of parse_trustsig_string. */ static void trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp) { @@ -474,16 +568,17 @@ trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp) /* - * Loop over all LOCUSR and sign the uids after asking. If no - * user id is marked, all user ids will be signed; if some user_ids - * are marked only those will be signed. If QUICK is true the - * function won't ask the user and use sensible defaults. + * Loop over all LOCUSR and sign the uids after asking. If no user id + * is marked, all user ids will be signed; if some user_ids are marked + * only those will be signed. FLAGS are the SIGN_UIDS_* constants. + * For example with SIGN_UIDS_QUICK the function won't ask the user + * and use sensible defaults. TRUSTSIGSTR is only used if also + * SIGN_UIDS_TRUSTSIG is set. */ static int sign_uids (ctrl_t ctrl, estream_t fp, - kbnode_t keyblock, strlist_t locusr, int *ret_modified, - int local, int nonrevocable, int trust, int interactive, - int quick) + kbnode_t keyblock, strlist_t locusr, unsigned int flags, + const char *trustsigstr, int *ret_modified) { int rc = 0; SK_LIST sk_list = NULL; @@ -491,7 +586,10 @@ sign_uids (ctrl_t ctrl, estream_t fp, PKT_public_key *pk = NULL; KBNODE node, uidnode; PKT_public_key *primary_pk = NULL; - int select_all = !count_selected_uids (keyblock) || interactive; + char *trust_regexp = NULL; + int select_all = (!count_selected_uids (keyblock) + || (flags & SIGN_UIDS_INTERACTIVE)); + /* Build a list of all signators. * @@ -508,7 +606,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) { u32 sk_keyid[2], pk_keyid[2]; - char *p, *trust_regexp = NULL; + char *p; int class = 0, selfsig = 0; u32 duration = 0, timestamp = 0; byte trust_depth = 0, trust_value = 0; @@ -564,7 +662,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, if (selfsig) tty_fprintf (fp, "\n"); - else if (opt.expert && !quick) + else if (opt.expert && !(flags & SIGN_UIDS_QUICK)) { tty_fprintf (fp, "\n"); /* No, so remove the mark and continue */ @@ -576,7 +674,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, uidnode->flag &= ~NODFLG_MARK_A; uidnode = NULL; } - else if (interactive) + else if ((flags & SIGN_UIDS_INTERACTIVE)) yesreally = 1; } else @@ -592,7 +690,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, if (selfsig) tty_fprintf (fp, "\n"); - else if (opt.expert && !quick) + else if (opt.expert && !(flags & SIGN_UIDS_QUICK)) { tty_fprintf (fp, "\n"); /* No, so remove the mark and continue */ @@ -604,7 +702,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, uidnode->flag &= ~NODFLG_MARK_A; uidnode = NULL; } - else if (interactive) + else if ((flags & SIGN_UIDS_INTERACTIVE)) yesreally = 1; } else @@ -619,7 +717,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, tty_fprintf (fp, _("User ID \"%s\" is not self-signed."), user); - if (opt.expert && !quick) + if (opt.expert && !(flags & SIGN_UIDS_QUICK)) { tty_fprintf (fp, "\n"); /* No, so remove the mark and continue */ @@ -631,7 +729,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, uidnode->flag &= ~NODFLG_MARK_A; uidnode = NULL; } - else if (interactive) + else if ((flags & SIGN_UIDS_INTERACTIVE)) yesreally = 1; } else @@ -642,7 +740,8 @@ sign_uids (ctrl_t ctrl, estream_t fp, } } - if (uidnode && interactive && !yesreally && !quick) + if (uidnode && (flags & SIGN_UIDS_INTERACTIVE) + && !yesreally && !(flags & SIGN_UIDS_QUICK)) { tty_fprintf (fp, _("User ID \"%s\" is signable. "), user); @@ -671,7 +770,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, /* It's a v3 self-sig. Make it into a v4 self-sig? */ if (node->pkt->pkt.signature->version < 4 - && selfsig && !quick) + && selfsig && !(flags & SIGN_UIDS_QUICK)) { tty_fprintf (fp, _("The self-signature on \"%s\"\n" @@ -699,7 +798,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, tty_fprintf (fp, _("Your current signature on \"%s\"\n" "has expired.\n"), user); - if (quick || cpr_get_answer_is_yes + if ((flags & SIGN_UIDS_QUICK) || cpr_get_answer_is_yes ("sign_uid.replace_expired_okay", _("Do you want to issue a " "new signature to replace " @@ -718,14 +817,15 @@ sign_uids (ctrl_t ctrl, estream_t fp, } } - if (!node->pkt->pkt.signature->flags.exportable && !local) + if (!node->pkt->pkt.signature->flags.exportable + && !(flags & SIGN_UIDS_LOCAL)) { /* It's a local sig, and we want to make a exportable sig. */ tty_fprintf (fp, _("Your current signature on \"%s\"\n" "is a local signature.\n"), user); - if (quick || cpr_get_answer_is_yes + if ((flags & SIGN_UIDS_QUICK) || cpr_get_answer_is_yes ("sign_uid.local_promote_okay", _("Do you want to promote " "it to a full exportable " "signature? (y/N) "))) @@ -745,7 +845,8 @@ sign_uids (ctrl_t ctrl, estream_t fp, /* Fixme: see whether there is a revocation in which * case we should allow signing it again. */ - if (!node->pkt->pkt.signature->flags.exportable && local) + if (!node->pkt->pkt.signature->flags.exportable + && (flags & SIGN_UIDS_LOCAL)) tty_fprintf ( fp, _("\"%s\" was already locally signed by key %s\n"), user, keystr_from_pk (pk)); @@ -755,7 +856,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, user, keystr_from_pk (pk)); if (opt.flags.force_sign_key - || (opt.expert && !quick + || (opt.expert && !(flags & SIGN_UIDS_QUICK) && cpr_get_answer_is_yes ("sign_uid.dupe_okay", _("Do you want to sign it " "again anyway? (y/N) ")))) @@ -805,7 +906,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, { tty_fprintf (fp, _("This key has expired!")); - if (opt.expert && !quick) + if (opt.expert && !(flags & SIGN_UIDS_QUICK)) { tty_fprintf (fp, " "); if (!cpr_get_answer_is_yes ("sign_uid.expired_okay", @@ -824,7 +925,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, tty_fprintf (fp, _("This key is due to expire on %s.\n"), expirestr_from_pk (primary_pk)); - if (opt.ask_cert_expire && !quick) + if (opt.ask_cert_expire && !(flags & SIGN_UIDS_QUICK)) { char *answer = cpr_get ("sign_uid.expire", _("Do you want your signature to " @@ -851,7 +952,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, the expiration of the pk */ if (!duration && !selfsig) { - if (opt.ask_cert_expire && !quick) + if (opt.ask_cert_expire && !(flags & SIGN_UIDS_QUICK)) duration = ask_expire_interval (1, opt.def_cert_expire); else duration = parse_expire_string (opt.def_cert_expire); @@ -861,7 +962,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, ; else { - if (opt.batch || !opt.ask_cert_level || quick) + if (opt.batch || !opt.ask_cert_level || (flags & SIGN_UIDS_QUICK)) class = 0x10 + opt.def_cert_level; else { @@ -906,11 +1007,23 @@ sign_uids (ctrl_t ctrl, estream_t fp, } } - if (trust && !quick) - trustsig_prompt (&trust_value, &trust_depth, &trust_regexp); - } + if ((flags & SIGN_UIDS_TRUSTSIG)) + { + xfree (trust_regexp); + trust_regexp = NULL; + if ((flags & SIGN_UIDS_QUICK)) + { + rc = parse_trustsig_string (trustsigstr, &trust_value, + &trust_depth, &trust_regexp); + if (rc) + goto leave; + } + else + trustsig_prompt (&trust_value, &trust_depth, &trust_regexp); + } + } - if (!quick) + if (!(flags & SIGN_UIDS_QUICK)) { p = get_user_id_native (ctrl, sk_keyid); tty_fprintf (fp, @@ -924,14 +1037,14 @@ sign_uids (ctrl_t ctrl, estream_t fp, tty_fprintf (fp, "\n"); tty_fprintf (fp, _("This will be a self-signature.\n")); - if (local) + if ((flags & SIGN_UIDS_LOCAL)) { tty_fprintf (fp, "\n"); tty_fprintf (fp, _("WARNING: the signature will not be marked " "as non-exportable.\n")); } - if (nonrevocable) + if ((flags & SIGN_UIDS_NONREVOCABLE)) { tty_fprintf (fp, "\n"); tty_fprintf (fp, _("WARNING: the signature will not be marked " @@ -940,14 +1053,14 @@ sign_uids (ctrl_t ctrl, estream_t fp, } else { - if (local) + if ((flags & SIGN_UIDS_LOCAL)) { tty_fprintf (fp, "\n"); tty_fprintf (fp, _("The signature will be marked as non-exportable.\n")); } - if (nonrevocable) + if ((flags & SIGN_UIDS_NONREVOCABLE)) { tty_fprintf (fp, "\n"); tty_fprintf (fp, @@ -977,7 +1090,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, if (opt.batch && opt.answer_yes) ; - else if (quick) + else if ((flags & SIGN_UIDS_QUICK)) ; else if (!cpr_get_answer_is_yes ("sign_uid.okay", _("Really sign? (y/N) "))) @@ -999,8 +1112,8 @@ sign_uids (ctrl_t ctrl, estream_t fp, log_assert (primary_pk); memset (&attrib, 0, sizeof attrib); - attrib.non_exportable = local; - attrib.non_revocable = nonrevocable; + attrib.non_exportable = !!(flags & SIGN_UIDS_LOCAL); + attrib.non_revocable = !!(flags & SIGN_UIDS_NONREVOCABLE); attrib.trust_depth = trust_depth; attrib.trust_value = trust_value; attrib.trust_regexp = trust_regexp; @@ -1054,6 +1167,8 @@ sign_uids (ctrl_t ctrl, estream_t fp, } /* End loop over signators. */ leave: + xfree (trust_regexp); + trust_regexp = NULL; release_sk_list (sk_list); return rc; } @@ -1192,9 +1307,10 @@ fix_keyblock (ctrl_t ctrl, kbnode_t *keyblockp) } +/* Helper to parse the prefix of the sign command STR and set the + * respective bits in R_FLAGS. Returns false on error. */ static int -parse_sign_type (const char *str, int *localsig, int *nonrevokesig, - int *trustsig) +parse_sign_type (const char *str, unsigned int *r_flags) { const char *p = str; @@ -1202,17 +1318,17 @@ parse_sign_type (const char *str, int *localsig, int *nonrevokesig, { if (ascii_strncasecmp (p, "l", 1) == 0) { - *localsig = 1; + *r_flags |= SIGN_UIDS_LOCAL; p++; } else if (ascii_strncasecmp (p, "nr", 2) == 0) { - *nonrevokesig = 1; + *r_flags |= SIGN_UIDS_NONREVOCABLE; p += 2; } else if (ascii_strncasecmp (p, "t", 1) == 0) { - *trustsig = 1; + *r_flags |= SIGN_UIDS_TRUSTSIG; p++; } else @@ -1664,7 +1780,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, case cmdSIGN: { - int localsig = 0, nonrevokesig = 0, trustsig = 0, interactive = 0; + unsigned int myflags = 0; if (pk->flags.revoked) { @@ -1700,7 +1816,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, if (! result) { if (opt.interactive) - interactive = 1; + myflags |= SIGN_UIDS_INTERACTIVE; else { tty_printf (_("Hint: Select the user IDs to sign\n")); @@ -1710,16 +1826,15 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, } } + /* What sort of signing are we doing? */ - if (!parse_sign_type - (answer, &localsig, &nonrevokesig, &trustsig)) + if (!parse_sign_type (answer, &myflags)) { tty_printf (_("Unknown signature type '%s'\n"), answer); break; } - sign_uids (ctrl, NULL, keyblock, locusr, &modified, - localsig, nonrevokesig, trustsig, interactive, 0); + sign_uids (ctrl, NULL, keyblock, locusr, myflags, NULL, &modified); } break; @@ -2899,10 +3014,12 @@ find_by_primary_fpr (ctrl_t ctrl, const char *fpr, key are signed using the default signing key. If UIDS is an empty list all usable UIDs are signed, if it is not empty, only those user ids matching one of the entries of the list are signed. With - LOCAL being true the signatures are marked as non-exportable. */ + LOCAL being true the signatures are marked as non-exportable. If + TRUSTSIG is given a trust signature is created; see + parse_trustsig_string(). */ void keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, - strlist_t locusr, int local) + strlist_t locusr, const char *trustsig, int local) { gpg_error_t err = 0; kbnode_t keyblock = NULL; @@ -2918,6 +3035,20 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, check_trustdb_stale (ctrl); #endif + /* Do an early check on an arg for an immediate error message. */ + if (trustsig) + { + byte trust_depth, trust_value; + char *trust_regexp; + err = parse_trustsig_string (trustsig, &trust_value, + &trust_depth, &trust_regexp); + xfree (trust_regexp); + (void)trust_depth; + (void)trust_value; + if (err) + goto leave; + } + /* We require a fingerprint because only this uniquely identifies a key and may thus be used to select a key for unattended key signing. */ @@ -3025,8 +3156,14 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, } /* Sign. */ - sign_uids (ctrl, es_stdout, keyblock, locusr, &modified, local, 0, 0, 0, 1); + err = sign_uids (ctrl, es_stdout, keyblock, locusr, + (SIGN_UIDS_QUICK + | (local? SIGN_UIDS_LOCAL : 0) + | (trustsig? SIGN_UIDS_TRUSTSIG : 0)), + trustsig, &modified); es_fflush (es_stdout); + if (err) + goto leave; if (modified) { @@ -3045,7 +3182,10 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, leave: if (err) - write_status_error ("keyedit.sign-key", err); + { + log_error (_("creating key signature failed: %s\n"), gpg_strerror (err)); + write_status_error ("keyedit.sign-key", err); + } release_kbnode (keyblock); keydb_release (kdbhd); } diff --git a/g10/keyedit.h b/g10/keyedit.h index 1b2aec2b8..7edda9a0b 100644 --- a/g10/keyedit.h +++ b/g10/keyedit.h @@ -48,7 +48,8 @@ void keyedit_quick_addadsk (ctrl_t ctrl, const char *fpr, const char *adskfpr); void keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev); void keyedit_quick_sign (ctrl_t ctrl, const char *fpr, - strlist_t uids, strlist_t locusr, int local); + strlist_t uids, strlist_t locusr, + const char *trustsig, int local); void keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev, strlist_t affected_uids); void keyedit_quick_set_expire (ctrl_t ctrl, diff --git a/g10/keylist.c b/g10/keylist.c index 499bdf91f..fc0e161ea 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1291,6 +1291,37 @@ cmp_signodes (const void *av, const void *bv) } +/* Given a domain name at NAME with length NAME, check whether this is + * a valid domain name and in that case return a malloced string ith + * the name. Escaped dots are ignored and removed from the result. + * Example: "example\.org" -> "example.org" Note that the input may + * not be Nul terminated. */ +static char * +parse_trust_name (const char *name, size_t namelen) +{ + char *buffer, *p; + + p = buffer = xtrymalloc (namelen+1); + if (!buffer) + return NULL; /* Oops - caller needs to use some fallback */ + + for (; namelen; name++, namelen--) + { + if (*name == '\\' && namelen > 1 && name[1] == '.') + ; /* Skip the escape character. */ + else + *p++ = *name; + } + *p = 0; + if (!is_valid_domain_name (buffer)) + { + xfree (buffer); + buffer = NULL; + } + return buffer; +} + + /* Helper for list_keyblock_print. The caller must have set * NODFLG_MARK_B to indicate self-signatures. */ static void @@ -1403,6 +1434,31 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node, print_utf8_buffer (es_stdout, p, n); xfree (p); } + if ((opt.list_options & LIST_SHOW_TRUSTSIG) + && (sig->trust_depth || sig->trust_value || sig->trust_regexp)) + { + es_fprintf (es_stdout, " [T=%d,%d", sig->trust_depth, sig->trust_value); + if (sig->trust_regexp) + { + size_t n = strlen (sig->trust_regexp); + char *tname = NULL; + + if (!strncmp (sig->trust_regexp, "<[^>]+[@.]", 10) + && n > 12 && !strcmp (sig->trust_regexp+n-2, ">$") + && (tname=parse_trust_name (sig->trust_regexp+10, n-12))) + { + es_fprintf (es_stdout, ",\"%s", tname); + xfree (tname); + } + else + { + es_fputs (",R\"", es_stdout); + es_write_sanitized (es_stdout, sig->trust_regexp, n, "\"", NULL); + } + es_putc ('\"', es_stdout); + } + es_putc (']', es_stdout); + } es_putc ('\n', es_stdout); if (sig->flags.policy_url diff --git a/g10/options.h b/g10/options.h index 89f04526f..c877404a7 100644 --- a/g10/options.h +++ b/g10/options.h @@ -463,6 +463,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define LIST_SHOW_X509_NOTATIONS (1<<17) #define LIST_STORE_X509_NOTATIONS (1<<18) #define LIST_SHOW_OWNERTRUST (1<<19) +#define LIST_SHOW_TRUSTSIG (1<<20) #define VERIFY_SHOW_PHOTOS (1<<0) #define VERIFY_SHOW_POLICY_URLS (1<<1) |