authorDavid Shaw <dshaw@jabberwocky.com>2006-03-12 16:33:57 +0100
committerDavid Shaw <dshaw@jabberwocky.com>2006-03-12 16:33:57 +0100
commit7e3ba27aefb01ddc71fdcf048a2b365f02a77879 (patch)
tree8340ca1616523c61e19b08aef016f168ae57e2fb
parent* samplekeys.asc: Update 99242560 to have a signing subkey backsig. (diff)
* sig-check.c (signature_check2): Print the backsig warning when there
is no backsig present. Give a URL for more information. * keyedit.c (menu_backsign): Small tweak to work properly with keys originally generated with older GnuPGs that included comments in the secret keys.
-rw-r--r--g10/ChangeLog9
-rw-r--r--g10/keyedit.c5
-rw-r--r--g10/sig-check.c14
3 files changed, 20 insertions, 8 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 85da8f255..c320ed7c8 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,12 @@
+2006-03-12 David Shaw <dshaw@jabberwocky.com>
+
+ * sig-check.c (signature_check2): Print the backsig warning when
+ there is no backsig present. Give a URL for more information.
+
+ * keyedit.c (menu_backsign): Small tweak to work properly with
+ keys originally generated with older GnuPGs that included comments
+ in the secret keys.
+
2006-03-09 David Shaw <dshaw@jabberwocky.com>
* build-packet.c (string_to_notation): Add ability to indicate a
diff --git a/g10/keyedit.c b/g10/keyedit.c
index fcee1b79e..ce31bdc8c 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -3699,9 +3699,10 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
keys), so we just pick the selfsig with the right class.
This is what menu_expire does as well. */
for(node2=node2->next;
- node2 && node2->pkt->pkttype==PKT_SIGNATURE;
+ node2 && node2->pkt->pkttype!=PKT_SECRET_SUBKEY;
node2=node2->next)
- if(node2->pkt->pkt.signature->version>=4
+ if(node2->pkt->pkttype==PKT_SIGNATURE
+ && node2->pkt->pkt.signature->version>=4
&& node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0]
&& node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1]
&& node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class)
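Review bot: The widened loop now stops only at `PKT_SECRET_SUBKEY`, but the comment above it still says only that the selfsig is picked by class, so nothing in the code records why non-signature packets are skipped. I would add a line before the `for`, e.g. `/* Older GnuPGs left comment packets in secret keys, so skip anything that is not a signature until the next subkey. */`. The first keyid/class match in this wider range is presumably the signature that gets acted on, so it is worth confirming that no other key-type packet can appear in sec_keyblock before the next secret subkey; the hunk does not show this. The body of menu_backsign starts and ends outside the hunk.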
diff --git a/g10/sig-check.c b/g10/sig-check.c
index a444bbfe7..f09711e12 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -96,15 +96,17 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
signaures issued by it. */
if(rc==0 && !pk->is_primary && pk->backsig<2)
{
- /* TODO: In a future version, once enough signing subkeys
- have backsigs, change this to always give the warning,
- and have --require-backsigs enable or disable the
- G10ERR_GENERAL. */
- if(pk->backsig==0 && opt.flags.require_cross_cert)
+ if(pk->backsig==0)
{
log_info(_("WARNING: signing subkey %s is not"
" cross-certified\n"),keystr_from_pk(pk));
- rc=G10ERR_GENERAL;
+ log_info(_("please see %s for more information\n"),
+ "http://www.gnupg.org/subkey-cross-certify.html");
+ /* --require-cross-certification makes this warning an
+ error. TODO: change the default to require this
+ after more keys have backsigs. */
+ if(opt.flags.require_cross_cert)
+ rc=G10ERR_GENERAL;
}
else if(pk->backsig==1)
{
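Review bot: A signature from a signing subkey with no backsig still leaves rc==0 unless `opt.flags.require_cross_cert` is set, and the only signal is the two `log_info` lines. The new comment should say what the warning means for the verifier rather than only that an option upgrades it, e.g. `/* Without a backsig nothing proves the subkey's holder agreed to be bound to this primary key, so the signature's attribution is unconfirmed. */`. Callers that act on the return code alone (batch use, presumably) cannot tell this case from a cross-certified one, so consider whether it should also be reported through a machine-readable channel; whether one exists is not visible in this hunk. The `else if(pk->backsig==1)` branch and the rest of signature_check2 continue outside the hunk.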