[svn] GnuPG - r4063 - trunk/g10

svn author dshaw cvs at cvs.gnupg.org
Sun Mar 12 16:33:58 CET 2006 

Author: dshaw
Date: 2006-03-12 16:33:57 +0100 (Sun, 12 Mar 2006)
New Revision: 4063

Modified:
   trunk/g10/ChangeLog
   trunk/g10/keyedit.c
   trunk/g10/sig-check.c
Log:
* sig-check.c (signature_check2): Print the backsig warning when there
is no backsig present.  Give a URL for more information.

* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2006-03-11 15:29:57 UTC (rev 4062)
+++ trunk/g10/ChangeLog	2006-03-12 15:33:57 UTC (rev 4063)
@@ -1,3 +1,12 @@
+2006-03-12  David Shaw  <dshaw at jabberwocky.com>
+
+	* sig-check.c (signature_check2): Print the backsig warning when
+	there is no backsig present.  Give a URL for more information.
+
+	* keyedit.c (menu_backsign): Small tweak to work properly with
+	keys originally generated with older GnuPGs that included comments
+	in the secret keys.
+
 2006-03-09  David Shaw  <dshaw at jabberwocky.com>
 
 	* build-packet.c (string_to_notation): Add ability to indicate a

Modified: trunk/g10/keyedit.c
===================================================================
--- trunk/g10/keyedit.c	2006-03-11 15:29:57 UTC (rev 4062)
+++ trunk/g10/keyedit.c	2006-03-12 15:33:57 UTC (rev 4063)
@@ -3699,9 +3699,10 @@
 	 keys), so we just pick the selfsig with the right class.
 	 This is what menu_expire does as well. */
       for(node2=node2->next;
-	  node2 && node2->pkt->pkttype==PKT_SIGNATURE;
+	  node2 && node2->pkt->pkttype!=PKT_SECRET_SUBKEY;
 	  node2=node2->next)
-	if(node2->pkt->pkt.signature->version>=4
+	if(node2->pkt->pkttype==PKT_SIGNATURE
+	   && node2->pkt->pkt.signature->version>=4
 	   && node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0]
 	   && node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1]
 	   && node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class)

Modified: trunk/g10/sig-check.c
===================================================================
--- trunk/g10/sig-check.c	2006-03-11 15:29:57 UTC (rev 4062)
+++ trunk/g10/sig-check.c	2006-03-12 15:33:57 UTC (rev 4063)
@@ -96,15 +96,17 @@
 	   signaures issued by it. */
 	if(rc==0 && !pk->is_primary && pk->backsig<2)
 	  {
-	    /* TODO: In a future version, once enough signing subkeys
-	       have backsigs, change this to always give the warning,
-	       and have --require-backsigs enable or disable the
-	       G10ERR_GENERAL. */
-	    if(pk->backsig==0 && opt.flags.require_cross_cert)
+	    if(pk->backsig==0)
 	      {
 		log_info(_("WARNING: signing subkey %s is not"
 			   " cross-certified\n"),keystr_from_pk(pk));
-		rc=G10ERR_GENERAL;
+		log_info(_("please see %s for more information\n"),
+			 "http://www.gnupg.org/subkey-cross-certify.html");
+		/* --require-cross-certification makes this warning an
+                     error.  TODO: change the default to require this
+                     after more keys have backsigs. */
+		if(opt.flags.require_cross_cert)
+		  rc=G10ERR_GENERAL;
 	      }
 	    else if(pk->backsig==1)
 	      {

More information about the Gnupg-commits mailing list