From 08fd77e83528fd03795524adf76e359ae2b56e06 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 15 Mar 2016 10:56:05 +0100 Subject: methods/gpgv: Correctly handle weak signatures with multiple keys We added weak signatures to BadSigners, meaning that a Release file signed by both a weak signature and a strong signature would be rejected; preventing people from migrating from DSA to RSA keys in a sane way. Instead of using BadSigners, treat weak signatures like expired keys: They are no good signatures, and they are worthless. Gbp-Dch: ignore --- methods/gpgv.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 06e1612e6..de9dfea1e 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -159,7 +159,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, std::clog << "Got VALIDSIG, key ID: " << sig << std::endl; // Reject weak digest algorithms if (std::find(WeakDigests.begin(), WeakDigests.end(), tokens[7]) != WeakDigests.end()) - BadSigners.push_back(string(sig)); + { + // Treat them like an expired key: For that a message about expiry + // is emitted, a VALIDSIG, but no GOODSIG. + WorthlessSigners.push_back("WEAKDIGEST " + string(sig)); + GoodSigners.erase(std::remove(GoodSigners.begin(), GoodSigners.end(), string(sig))); + } ValidSigners.push_back(string(sig)); } -- cgit v1.2.3