gpg 1.9 for Debian/sarge

Werner Koch wk at gnupg.org
Sat Oct 2 08:30:26 CEST 2004


On Sat, 02 Oct 2004 01:39:08 -0400, Matej Cepl said:

> Any thoughts?

You are using an old kgpgcertmanager, IIRC it is now called kleopatra.

Quite some time ago we changed the semantics on how to build the
certificate chain for displaying and Kgpgcertmanager still uses the
old one.  That won't be too severe if it had put a limit on the
maximum chain length to detect such a loop.  I have always suggested
to do this.  A proper way of coding it would be something like:

  int maxdepth = 100;

  k = key->kobj;
  gpgme_key_ref (k);
  while ((s = k->chain_id) && k->subkeys && strcmp (s, k->subkeys->fpr) )
    {
      putc ('\n', fp);
      err = gpgme_op_keylist_start (listctx, s, 0);
      gpgme_key_release (k);
      k = NULL;
      if (!err)
	err = gpgme_op_keylist_next (listctx, &k);
      if (err)
        {
          fprintf (fp, _("Error finding issuer key: %s\n"),
                   gpgme_strerror (err));
          goto leave;
        }
      gpgme_op_keylist_end (listctx);
      
      print_key_info (k, fp);
      if (!--maxdepth)
        {
          putc ('\n', fp);
          fputs (_("Error: certification chain to long - stopping here\n"),
                 fp);
          break;
        }
    }


  Werner




More information about the Gpa-dev mailing list