Add new signature_t member chain_model.

6 files changed, 43 insertions, 6 deletions

diff --git a/NEWS b/NEWS
index f1f0845c..26b10d1c 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ Noteworthy changes in version 1.1.6 (unreleased)
 ------------------------------------------------
 
 
+ * Interface changes relative to the 1.1.1 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gpgme_signature_t               EXTENDED: New field chain_model.
+
 
 Noteworthy changes in version 1.1.5 (2007-07-09)
 ------------------------------------------------
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1109437b..f711a126 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2007-08-07  Werner Koch  <[email protected]>
+
+	* gpgme.texi (Verify): Describe chain_model.
+
 2007-07-12  Werner Koch  <[email protected]>
 
 	* gpgme.texi (Library Version Check): Add remark that the socket
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 61db9cf8..f480715e 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -4076,6 +4076,16 @@ Values are:
 Depending on the configuration of the engine, this metric may also be
 reflected by the validity of the signature.
 
+@item unsigned int chain_model : 1
+This is true if the validity of the signature has been checked using the
+chain model.  In the chain model the time the signature has been created
+must be within the validity period of the certificate and the time the
+certificate itself has been created must be within the validity period
+of the issuing certificate.  In contrast the default validation model
+checks the validity of signature as well at the entire certificate chain
+at the current time.
+
+
 @item gpgme_validity_t validity
 The validity of the signature.
 
diff --git a/gpgme/ChangeLog b/gpgme/ChangeLog
index 88006ac9..f0622bfe 100644
--- a/gpgme/ChangeLog
+++ b/gpgme/ChangeLog
@@ -1,3 +1,8 @@
+2007-08-07  Werner Koch  <[email protected]>
+
+	* gpgme.h (struct _gpgme_signature): Add member CHAIN_MODEL.
+	* verify.c (parse_trust): Set Chain_MODEL.
+
 2007-08-02  Werner Koch  <[email protected]>
 
 	* w32-glib-io.c (_gpgme_io_spawn): Use DETACHED_PROCESS flag.
@@ -12,7 +17,7 @@
 
 2007-07-17  Marcus Brinkmann  <[email protected]>
 
-	* debug.c:;5B Include <errno.h> and "debug.h".
+	* debug.c: Include <errno.h> and "debug.h".
 	(_gpgme_debug): Save and restore ERRNO.
 	(TOHEX): New macro.
 	(_gpgme_debug_buffer): New function.
diff --git a/gpgme/gpgme.h b/gpgme/gpgme.h
index 9ee8b079..bd9cb885 100644
--- a/gpgme/gpgme.h
+++ b/gpgme/gpgme.h
@@ -1,6 +1,6 @@
 /* gpgme.h - Public interface to GnuPG Made Easy.
    Copyright (C) 2000 Werner Koch (dd9jn)
-   Copyright (C) 2001, 2002, 2003, 2004, 2005 g10 Code GmbH
+   Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 g10 Code GmbH
 
    This file is part of GPGME.
  
@@ -1323,8 +1323,11 @@ struct _gpgme_signature
   /* PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU. */
   unsigned int pka_trust : 2;
 
+  /* Validity has been verified using the chain model. */
+  unsigned int chain_model : 1;
+
   /* Internal to GPGME, do not use.  */
-  int _unused : 29;
+  int _unused : 28;
 
   gpgme_validity_t validity;
   gpgme_error_t validity_reason;
diff --git a/gpgme/verify.c b/gpgme/verify.c
index a9730e59..71221bb7 100644
--- a/gpgme/verify.c
+++ b/gpgme/verify.c
@@ -541,10 +541,21 @@ parse_trust (gpgme_signature_t sig, gpgme_status_code_t code, char *args)
       break;
     }
 
+  sig->validity_reason = 0;
+  sig->chain_model = 0;
   if (*args)
-    sig->validity_reason = _gpgme_map_gnupg_error (args);
-  else
-    sig->validity_reason = 0;
+    {
+      sig->validity_reason = _gpgme_map_gnupg_error (args);
+      while (*args && *args != ' ')
+        args++;
+      if (*args)
+        {
+          while (*args == ' ')
+            args++;
+          if (!strncmp (args, "cm", 2) && (args[2] == ' ' || !args[2]))
+            sig->chain_model = 1;
+        }
+    }
 
   return 0;
 }