summaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog7
-rw-r--r--g10/gpg.c48
-rw-r--r--g10/mainproc.c5
-rw-r--r--g10/options.h4
-rw-r--r--g10/pkclist.c2
-rw-r--r--g10/trustdb.c7
6 files changed, 23 insertions, 50 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 2ecd3ed7c..cddda13c7 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2006-03-07 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, gpg.c (main, parse_trust_model), pkclist.c
+ (check_signatures_trust), mainproc.c (check_sig_and_print,
+ pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so
+ that it is a verify-option now.
+
2006-03-07 Werner Koch <wk@g10code.com>
* mainproc.c (proc_signature_packets): Return any_sig_seen to caller.
diff --git a/g10/gpg.c b/g10/gpg.c
index 074eb4e4a..9485001d7 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -243,7 +243,6 @@ enum cmd_and_opt_values
oAlwaysTrust,
oTrustModel,
oForceOwnertrust,
- oAllowPkaLookup,
oRunAsShmCP,
oSetFilename,
oForYourEyesOnly,
@@ -601,7 +600,6 @@ static ARGPARSE_OPTS opts[] = {
{ oAlwaysTrust, "always-trust", 0, "@"},
{ oTrustModel, "trust-model", 2, "@"},
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
- { oAllowPkaLookup, "allow-pka-lookup", 0, "@" },
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
{ oSetFilename, "set-filename", 2, "@" },
{ oForYourEyesOnly, "for-your-eyes-only", 0, "@" },
@@ -1452,7 +1450,6 @@ gpgconf_list (const char *configfile)
printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
- printf ("allow-pka-lookup:%lu:\n", GC_OPT_FLAG_NONE);
}
@@ -1608,47 +1605,20 @@ collapse_args(int argc,char *argv[])
static void
parse_trust_model(const char *model)
{
- opt.pka_trust_increase = 0;
if(ascii_strcasecmp(model,"pgp")==0)
- {
- opt.trust_model=TM_PGP;
- }
- else if(ascii_strcasecmp(model,"pgp+pka")==0)
- {
- opt.trust_model=TM_PGP;
- opt.pka_trust_increase = 1;
- }
+ opt.trust_model=TM_PGP;
else if(ascii_strcasecmp(model,"classic")==0)
- {
- opt.trust_model=TM_CLASSIC;
- }
+ opt.trust_model=TM_CLASSIC;
else if(ascii_strcasecmp(model,"always")==0)
- {
- opt.trust_model=TM_ALWAYS;
- }
+ opt.trust_model=TM_ALWAYS;
else if(ascii_strcasecmp(model,"direct")==0)
- {
- opt.trust_model=TM_DIRECT;
- }
- else if(ascii_strcasecmp(model,"direct+pka")==0)
- {
- opt.trust_model=TM_DIRECT;
- opt.pka_trust_increase = 1;
- }
+ opt.trust_model=TM_DIRECT;
else if(ascii_strcasecmp(model,"auto")==0)
- {
- opt.trust_model=TM_AUTO;
- }
- else if(ascii_strcasecmp(model,"auto+pka")==0)
- {
- opt.trust_model=TM_AUTO;
- opt.pka_trust_increase = 1;
- }
+ opt.trust_model=TM_AUTO;
else
log_error("unknown trust model `%s'\n",model);
}
-
int
main (int argc, char **argv )
{
@@ -1740,7 +1710,6 @@ main (int argc, char **argv )
opt.verify_options=
VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
opt.trust_model=TM_AUTO;
- opt.pka_trust_increase=0;
opt.mangle_dos_filenames=0;
opt.min_cert_level=2;
set_screen_dimensions();
@@ -2153,9 +2122,6 @@ main (int argc, char **argv )
opt.force_ownertrust=0;
}
break;
- case oAllowPkaLookup:
- opt.allow_pka_lookup = 1;
- break;
case oLoadExtension:
#ifndef __riscos__
#if defined(USE_DYNAMIC_LINKING) || defined(_WIN32)
@@ -2496,6 +2462,10 @@ main (int argc, char **argv )
N_("show user ID validity during signature verification")},
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
N_("show revoked and expired user IDs in signature verification")},
+ {"pka-lookup",VERIFY_PKA_LOOKUP,NULL,
+ N_("validate signatures with PKA data")},
+ {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
+ N_("elevate the trust of signatures with valid PKA data")},
{NULL,0,NULL,NULL}
};
diff --git a/g10/mainproc.c b/g10/mainproc.c
index cc865a833..8c8262f58 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1390,7 +1390,7 @@ pka_uri_from_sig (PKT_signature *sig)
assert (!sig->pka_info);
sig->flags.pka_tried = 1;
sig->pka_info = get_pka_address (sig);
- if (sig->pka_info && opt.allow_pka_lookup)
+ if (sig->pka_info)
{
char *uri;
@@ -1866,7 +1866,8 @@ check_sig_and_print( CTX c, KBNODE node )
if (!rc)
{
- pka_uri_from_sig (sig); /* Make sure PKA info is available. */
+ if(opt.verify_options&VERIFY_PKA_LOOKUP)
+ pka_uri_from_sig (sig); /* Make sure PKA info is available. */
rc = check_signatures_trust( sig );
}
diff --git a/g10/options.h b/g10/options.h
index 422d36b85..65e7cded5 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -103,8 +103,6 @@ struct
TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_DIRECT, TM_AUTO
} trust_model;
int force_ownertrust;
- int pka_trust_increase; /* Valid PKA information increases the trust. */
- int allow_pka_lookup; /* PKA lookups are only done if this is set. */
enum
{
CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8
@@ -316,6 +314,8 @@ struct {
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
#define VERIFY_SHOW_UID_VALIDITY (1<<5)
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
+#define VERIFY_PKA_LOOKUP (1<<7)
+#define VERIFY_PKA_TRUST_INCREASE (1<<8)
#define KEYSERVER_USE_TEMP_FILES (1<<0)
#define KEYSERVER_KEEP_TEMP_FILES (1<<1)
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 11a5f522e..5cce7f209 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -566,7 +566,7 @@ check_signatures_trust( PKT_signature *sig )
case TRUST_UNKNOWN:
case TRUST_UNDEFINED:
case TRUST_MARGINAL:
- if (okay && opt.pka_trust_increase)
+ if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
{
trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
log_info (_("trustlevel adjusted to FULL"
diff --git a/g10/trustdb.c b/g10/trustdb.c
index cff55ec21..e372bf8fb 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -450,12 +450,7 @@ init_trustdb()
}
if(opt.verbose)
- {
- log_info(_("using %s trust model\n"),trust_model_string());
- if (opt.pka_trust_increase)
- log_info(_("PKA verification is allowed to"
- " leverage trust to full\n"));
- }
+ log_info(_("using %s trust model\n"),trust_model_string());
}
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)