[Pkg-gnupg-commit] [gnupg2] 110/292: g10: Still check if the key is an UTK or cross signed in batch mode.

Mon Nov 21 06:31:31 UTC 2016

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit e09166c77273f459c8f87cab9224f85808af2cba
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 13 12:38:19 2016 +0200

    g10: Still check if the key is an UTK or cross signed in batch mode.
    
    * g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
    bail immediately.  Instead, check if the key in question is an
    ultimately trusted key or cross signed.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
---
 g10/tofu.c | 31 +++++++++++++------------------
 1 file changed, 13 insertions(+), 18 deletions(-)

diff --git a/g10/tofu.c b/g10/tofu.c
index b9416d5..8184c6f 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2131,12 +2131,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
 
     case TOFU_POLICY_ASK:
       /* We need to ask the user what to do.  Case #1 or #2 below.  */
-      if (! may_ask)
-	{
-	  trust_level = TRUST_UNDEFINED;
-	  goto out;
-	}
-
       break;
 
     case TOFU_POLICY_NONE:
@@ -2296,18 +2290,19 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
 
   if (! may_ask)
     {
-      /* We can only get here in the third case (no saved policy) and
-       * if there is a conflict.  (If the policy was ask (cases #1 and
-       * #2) and we weren't allowed to ask, we'd have already exited).  */
-      log_assert (policy == TOFU_POLICY_NONE);
-
-      if (record_binding (dbs, fingerprint, email, user_id,
-			  TOFU_POLICY_ASK,
-                          conflict_set && conflict_set->next
-                          ? conflict_set->next->d : NULL,
-                          0, now) != 0)
-	log_error (_("error setting TOFU binding's trust level to %s\n"),
-		   "ask");
+      log_assert (policy == TOFU_POLICY_NONE || policy == TOFU_POLICY_ASK);
+      if (policy == TOFU_POLICY_NONE)
+        {
+          /* We get here in the third case (no saved policy) and if
+           * there is a conflict.  */
+          if (record_binding (dbs, fingerprint, email, user_id,
+                              TOFU_POLICY_ASK,
+                              conflict_set && conflict_set->next
+                              ? conflict_set->next->d : NULL,
+                              0, now) != 0)
+            log_error (_("error setting TOFU binding's trust level to %s\n"),
+                       "ask");
+        }
 
       trust_level = TRUST_UNDEFINED;
       goto out;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git

