[svn] GnuPG - r3917 - trunk/g10

svn author dshaw cvs at cvs.gnupg.org
Thu Oct 27 18:24:02 CEST 2005 

Author: dshaw
Date: 2005-10-27 18:23:59 +0200 (Thu, 27 Oct 2005)
New Revision: 3917

Modified:
   trunk/g10/ChangeLog
   trunk/g10/getkey.c
   trunk/g10/keyedit.c
Log:
* keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix problem with
adding a cert-only designated revoker.  Code was looking for a key with
sign ability, and not cert ability.  Noted by Timo Schulz.


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2005-10-27 09:14:27 UTC (rev 3916)
+++ trunk/g10/ChangeLog	2005-10-27 16:23:59 UTC (rev 3917)
@@ -1,3 +1,10 @@
+2005-10-27  David Shaw  <dshaw at jabberwocky.com>
+
+	* keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix
+	problem with adding a cert-only designated revoker.  Code was
+	looking for a key with sign ability, and not cert ability.  Noted
+	by Timo Schulz.
+
 2005-10-27  Werner Koch  <wk at g10code.com>
 
 	* gpg.c [__CYGWIN__]: Set default driver to winscard.dll.

Modified: trunk/g10/getkey.c
===================================================================
--- trunk/g10/getkey.c	2005-10-27 09:14:27 UTC (rev 3916)
+++ trunk/g10/getkey.c	2005-10-27 16:23:59 UTC (rev 3917)
@@ -2345,7 +2345,7 @@
     KBNODE k;
     KBNODE foundk = NULL;
     PKT_user_id *foundu = NULL;
-#define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
+#define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
     unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
     /* Request the primary if we're certifying another key, and also
        if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7

Modified: trunk/g10/keyedit.c
===================================================================
--- trunk/g10/keyedit.c	2005-10-27 09:14:27 UTC (rev 3916)
+++ trunk/g10/keyedit.c	2005-10-27 16:23:59 UTC (rev 3917)
@@ -3380,9 +3380,11 @@
 	  goto fail;
 	}
 
-      /* Note that I'm requesting SIG here and not CERT.  We're making
-	 a certification, but it is okay to be a subkey. */
-      revoker_pk->req_usage=PUBKEY_USAGE_SIG;
+      /* Note that I'm requesting CERT here, which usually implies
+	 primary keys only, but some casual testing shows that PGP and
+	 GnuPG both can handle a designated revokation from a
+	 subkey. */
+      revoker_pk->req_usage=PUBKEY_USAGE_CERT;
       rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
       if(rc)
 	{

More information about the Gnupg-commits mailing list