diff options
| author | Werner Koch <wk@gnupg.org> | 2023-01-20 11:02:02 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2023-01-20 11:03:40 +0100 |
| commit | d98bf02a036321c8450cc836dea39671da5cfa83 (patch) | |
| tree | c35eddad9c21b8b28148a7716c0b0575713fa54a /g10/sig-check.c | |
| parent | gpg: Do not require --status-fd along with --require-compliance. (diff) | |
| download | gnupg2-d98bf02a036321c8450cc836dea39671da5cfa83.tar.xz gnupg2-d98bf02a036321c8450cc836dea39671da5cfa83.zip | |
gpg: Replace --override-compliance-check by a real fix.
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--
The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key. The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.
Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436
GnuPG-bug-id: 5655
Diffstat (limited to '')
| -rw-r--r-- | g10/sig-check.c | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c index 7c48c0601..7a2c934cd 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -78,17 +78,10 @@ check_key_verify_compliance (PKT_public_key *pk) NULL)) { /* Compliance failure. */ - log_info (_("key %s may not be used for signing in %s mode\n"), + log_error (_("key %s may not be used for signing in %s mode\n"), keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance)); - if (opt.flags.override_compliance_check) - log_info (_("continuing verification anyway due to option %s\n"), - "--override-compliance-failure"); - else - { - log_inc_errorcount (); /* We used log info above. */ - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - } + err = gpg_error (GPG_ERR_PUBKEY_ALGO); } return err; |