[Pkg-gnupg-commit] [gnupg1] 14/35: gpgv: Tweak default options for extra security.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 29 14:48:38 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg1.
commit cf01cf8b88abb6ed5fea300c28e2a1e6a7c67804
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Sat Jul 9 10:20:02 2016 +0900
gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig_cache, so that it doesn't depend on
cached status. Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.
--
(backport of master
commit e32c575e0f3704e7563048eea6d26844bdfc494b)
It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings. In such a use case, it is possible that
the key validation itself is skipped.
For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.
Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
---
g10/gpgv.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/g10/gpgv.c b/g10/gpgv.c
index b2721ba..f2899bf 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -144,6 +144,8 @@ main( int argc, char **argv )
opt.pgp2_workarounds = 1;
opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
opt.trust_model = TM_ALWAYS;
+ opt.no_sig_cache = 1;
+ opt.flags.require_cross_cert = 1;
opt.batch = 1;
opt.weak_digests = NULL;
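Review bot: The added lines `opt.no_sig_cache = 1;` and `opt.flags.require_cross_cert = 1;` carry no comment, so the reason for them (a keyring shipped with cached signature status in Trust Packets could let key validation be skipped) is recorded only in the commit message; a short comment above the two assignments would keep a later cleanup from dropping them as redundant defaults. The diffstat also shows g10/gpgv.c as the only file touched, so the behaviour change is not documented: with require_cross_cert set, a signature from a subkey that lacks a valid back signature will stop verifying under gpgv, which deserves a line in the gpgv documentation or NEWS so that people who distribute keyrings can check their signing subkeys before upgrading.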
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg1.git