ENGINE-73: added revocation filtering for gpg, but netpgp appears to use db revocation status rather than keyring revocation status. Need to check both. ENGINE-73
authorKrista Grothoff <krista@pep-project.org>
Fri, 19 Aug 2016 11:13:38 +0200
branchENGINE-73
changeset 1040f12bbff0d6b4
parent 1039 e1dd2cc8ab45
child 1049 d35c550050e0
ENGINE-73: added revocation filtering for gpg, but netpgp appears to use db revocation status rather than keyring revocation status. Need to check both.
src/pgp_gpg.c
src/pgp_netpgp.c
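--- a/src/pgp_gpg.c
+++ b/src/pgp_gpg.c
@@ -1268,18 +1268,25 @@
                 assert(key->subkeys);
                 if (!key || !key->subkeys)
                     return PEP_GET_KEY_FAILED;
-               
+
                 // first subkey is primary key
                 char* fpr = key->subkeys->fpr;
-//                char* primary_email = key->uids->email;
-//                char* uname = key->uids->name;
                 char* uid = key->uids->uid;
                 
                 assert(fpr);
-                assert(uid);
+                assert(uid); // ??
                 if (!fpr)
                     return PEP_GET_KEY_FAILED;
                 
+                PEP_STATUS key_status = PEP_GET_KEY_FAILED;
+                
+                bool key_revoked = false;
+                
+                key_status = pgp_key_revoked(session, fpr, &key_revoked);
+                
+                if (key_revoked || key_status == PEP_GET_KEY_FAILED)
+                    continue;
+                
                 pair = new_stringpair(fpr, uid);
 
                 assert(pair);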
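Review bot: The new revocation filter fails open, because `if (key_revoked || key_status == PEP_GET_KEY_FAILED)` skips the key for that one status only. Any other non-OK result from `pgp_key_revoked()` presumably leaves `key_revoked` at its initial `false`, and the key is then still added through `new_stringpair(fpr, uid)`. Treating every failed lookup as "revocation state unknown, do not offer this key" would be safer: `if (key_status != PEP_STATUS_OK || key_revoked) continue;`. The `continue` also bypasses the rest of the iteration, and the loop body runs outside this hunk, so please confirm that no per-key release is skipped on that path. The `assert(uid); // ??` line guards nothing in a release build while `key->uids` is dereferenced unchecked just above it, so the open question in that comment deserves a real NULL check or a comment stating why it cannot be NULL.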
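--- a/src/pgp_netpgp.c
+++ b/src/pgp_netpgp.c
@@ -1183,7 +1183,14 @@
     stringpair_t* pair = NULL;
     char* id_fpr = NULL;
     char* primary_userid = (char*)pgp_key_get_primary_userid(key);
-     
+
+    bool key_revoked = false;
+                
+//    PEP_STATUS key_status = pgp_key_revoked(session, id_fpr, &key_revoked);
+                
+//    if (key_revoked || key_status == PEP_GET_KEY_FAILED)
+//        return PEP_STATUS_OK; // we just move on
+        
     fpr_to_str(&id_fpr, key->pubkeyfpr.fingerprint,
                 key->pubkeyfpr.length);
 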
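Review bot: The disabled check in this hunk would pass a NULL fingerprint if it were simply uncommented, because `id_fpr` is initialised to NULL two lines above and is only filled by `fpr_to_str()` after this point. As far as the hunk shows, the netpgp backend therefore still returns revoked keys, and `bool key_revoked` is declared but never read. I would replace the commented-out lines with a marker such as `// TODO(ENGINE-73): revocation filter not active for netpgp yet; run the check only after fpr_to_str() has set id_fpr`. When the check is enabled, comparing against `PEP_STATUS_OK` rather than only `PEP_GET_KEY_FAILED` keeps an errored lookup from letting the key through. The enclosing function starts and ends outside the hunk.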