[git] GnuPG - branch, master, updated. gnupg-2.1.21-113-g2e54594
by Werner Koch
cvs at cvs.gnupg.org
Wed Jul 19 13:17:32 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 2e5459457473eb4b3e7b2b14815cb94faa66e8bb (commit)
from da91d2106a17c796ddb066a34db92d33b21c81f7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2e5459457473eb4b3e7b2b14815cb94faa66e8bb
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jul 19 13:03:43 2017 +0200
gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
* g10/mainproc.c (check_sig_and_print): Track key server request via
fingerprint.
--
New signatures carry the fingerprint and thus --auto-key-retrieve tries
to look up the key by fingerprint. If that failed it used to also ask
the same thing by KEYID - but the keyid is part of the fingerprint and
thus it will either get no response or the wrong key back. We can
easily avoid this.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/mainproc.c b/g10/mainproc.c
index c57925c..fddafd8 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1658,6 +1658,7 @@ check_sig_and_print (CTX c, kbnode_t node)
int is_revkey = 0;
char *issuer_fpr;
PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
+ int tried_ks_by_fpr;
if (opt.skip_verify)
{
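Review bot: `tried_ks_by_fpr` is declared without an initializer, unlike `is_revkey` two lines above it, and without a comment, unlike `pk`. Its first assignment sits well below the declaration, so writing `int tried_ks_by_fpr = 0;` here, with a short comment that it records a keyserver request by fingerprint, would keep a later change that reads the flag on another path from seeing an indeterminate value and would document what the flag tracks.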
@@ -1886,6 +1887,7 @@ check_sig_and_print (CTX c, kbnode_t node)
* that the signers fingerprint is encoded in the signature. We
* favor this over the WKD method (to be tried next), because an
* arbitrary keyserver is less subject to web bug like monitoring. */
+ tried_ks_by_fpr = 0;
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
&& keyserver_any_configured (c->ctrl))
@@ -1902,6 +1904,7 @@ check_sig_and_print (CTX c, kbnode_t node)
pk = NULL;
glo_ctrl.in_auto_key_retrieve++;
res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
+ tried_ks_by_fpr = 1;
glo_ctrl.in_auto_key_retrieve--;
if (!res)
rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
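Review bot: `tried_ks_by_fpr = 1;` is set before `res` is inspected, so a fingerprint request that failed for any reason, not only because the key is absent, also suppresses the later keyid request. The commit message suggests that is intended; a one-line comment at the assignment saying so would make the choice visible to the next reader of this branch.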
@@ -1933,6 +1936,7 @@ check_sig_and_print (CTX c, kbnode_t node)
* keyserver. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+ && !tried_ks_by_fpr
&& keyserver_any_configured (c->ctrl))
{
int res;
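Review bot: the added `&& !tried_ks_by_fpr` condition is not reflected in the comment block that ends just above this `if` (`* keyserver. */`). Extending that comment to say the keyid request is skipped once a fingerprint request has been made, and why, would keep the rationale from the commit message next to the code it explains.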
-----------------------------------------------------------------------
Summary of changes:
g10/mainproc.c | 4 ++++
1 file changed, 4 insertions(+)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org