summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2016-03-15 10:56:05 +0100
committerJulian Andres Klode <jak@debian.org>2016-03-15 12:33:21 +0100
commit08fd77e83528fd03795524adf76e359ae2b56e06 (patch)
treeda69c1dc532c243b176eb3c225ad3ac074292fe5 /methods
parent56b4c93f60ebdb828bb8d0b9ea2db448560208f5 (diff)
methods/gpgv: Correctly handle weak signatures with multiple keys
We added weak signatures to BadSigners, meaning that a Release file signed by both a weak signature and a strong signature would be rejected; preventing people from migrating from DSA to RSA keys in a sane way. Instead of using BadSigners, treat weak signatures like expired keys: They are no good signatures, and they are worthless. Gbp-Dch: ignore
Diffstat (limited to 'methods')
-rw-r--r--methods/gpgv.cc7
1 files changed, 6 insertions, 1 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 06e1612e6..de9dfea1e 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -159,7 +159,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
std::clog << "Got VALIDSIG, key ID: " << sig << std::endl;
// Reject weak digest algorithms
if (std::find(WeakDigests.begin(), WeakDigests.end(), tokens[7]) != WeakDigests.end())
- BadSigners.push_back(string(sig));
+ {
+ // Treat them like an expired key: For that a message about expiry
+ // is emitted, a VALIDSIG, but no GOODSIG.
+ WorthlessSigners.push_back("WEAKDIGEST " + string(sig));
+ GoodSigners.erase(std::remove(GoodSigners.begin(), GoodSigners.end(), string(sig)));
+ }
ValidSigners.push_back(string(sig));
}