gpg: Exclude expired trusted keys from the key validation process. - gnupg

diff options

author	Werner Koch <[email protected]>	2024-09-25 13:15:51 +0000
committer	Werner Koch <[email protected]>	2024-09-25 13:21:55 +0000
commit	19f2f00bfd30ca2389318d11047346a5ade95e75 (patch)
tree	36a54be2f8bb64fd7b5cdf000faf177c5bbe66ed /sm/call-agent.c
parent	gpg: Validate the trustdb after the import of a trusted key. (diff)
download	gnupg-19f2f00bfd30ca2389318d11047346a5ade95e75.tar.gz gnupg-19f2f00bfd30ca2389318d11047346a5ade95e75.zip

gpg: Exclude expired trusted keys from the key validation process.

* g10/trustdb.c (copy_key_item): New. (validate_keys): Use a stripped down UTK list w/o expired keys. -- This patch makes sure that an expired trusted key is not used for trust computation. The test case is to delete a trusted key from the keyring, import a copy of that key which has already expired, check that a signed key is not anymore fully trusted and finally import a prolonged version of the trusted key and check that the signed key is now again fully trusted. GnuPG-bug-id: 7200

Diffstat (limited to 'sm/call-agent.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: