[Pkg-gnupg-commit] [gnupg2] 113/185: gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:26 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 2e5459457473eb4b3e7b2b14815cb94faa66e8bb
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jul 19 13:03:43 2017 +0200
gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
* g10/mainproc.c (check_sig_and_print): Track key server request via
fingerprint.
--
New signatures carry the fingerprint and thus --auto-key-retrieve tries
to lookup the key by fingerprint. If that failed it used to also ask
the same thing by KEYID - but the keyid is part of the fingerprint and
thus it will either get no response or the wrong key back. We can
easily avoid this.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/mainproc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/g10/mainproc.c b/g10/mainproc.c
index c57925c..fddafd8 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1658,6 +1658,7 @@ check_sig_and_print (CTX c, kbnode_t node)
int is_revkey = 0;
char *issuer_fpr;
PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
+ int tried_ks_by_fpr;
if (opt.skip_verify)
{
@@ -1886,6 +1887,7 @@ check_sig_and_print (CTX c, kbnode_t node)
* that the signers fingerprint is encoded in the signature. We
* favor this over the WKD method (to be tried next), because an
* arbitrary keyserver is less subject to web bug like monitoring. */
+ tried_ks_by_fpr = 0;
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
&& keyserver_any_configured (c->ctrl))
@@ -1902,6 +1904,7 @@ check_sig_and_print (CTX c, kbnode_t node)
pk = NULL;
glo_ctrl.in_auto_key_retrieve++;
res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
+ tried_ks_by_fpr = 1;
glo_ctrl.in_auto_key_retrieve--;
if (!res)
rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
@@ -1933,6 +1936,7 @@ check_sig_and_print (CTX c, kbnode_t node)
* keyserver. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+ && !tried_ks_by_fpr
&& keyserver_any_configured (c->ctrl))
{
int res;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list