Relax the self-signature requirement.
  - When we verify a data signature, we canonicalize the signer's
    certificate to look as it did at the time of the data signature.

  - When exporting a certificate, GnuPG strips old self signatures.

  - This means that when a certificate's expiration time is extended,
    say, we are no longer able to verify old data signatures, because
    the certificate is not considered to be valid as of the data
    signature's creation time!

  - Relax this requirement.  Also allow a certificate, if it can be
    canonicalized as of the current time.

  - Fixes #50.
nwalfield committed Aug 28, 2023
1 parent 9a5a387 commit ed4d12b
Showing 1 changed file with 10 additions and 11 deletions.
21 changes: 10 additions & 11 deletions src/lib.rs
@@ -802,19 +802,10 @@ fn pgp_verify_signature(key: Option<&PgpDigParams>,
// time.
let p = &*P.read().unwrap();
let vc = cert.with_policy(p, sig_time)
.or_else(|err| {
legacy = true;
add_lint!(
Some(err),
"Certificate {} invalid: policy violation",
cert.keyid());
cert.with_policy(NP, sig_time)
})
.or_else(|err| {
// Try again, but use the current time as a reference
// time. This is necessary if older self-signatures
// are stripped.
legacy = true;
// time. It is quite comment for old self-signatures
// to be stripped.
match cert.with_policy(p, None) {
Ok(vc) => {
add_lint!(
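Review bot: The new comment above `match cert.with_policy(p, None)` has a typo ("quite comment" should be "quite common") and no longer says why the retry is needed, which the old wording ("This is necessary if older self-signatures are stripped") did. This branch accepts a certificate that is valid under the standard policy now but could not be shown valid at `sig_time`. Please say so in the comment, and also explain why this retry is ordered ahead of the `NP` fallback. The `legacy = true;` that sat in this closure appears to be dropped as well, so the lint is the only record that the reference time was relaxed. If that is intended, note it here.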
@@ -833,6 +824,14 @@ fn pgp_verify_signature(key: Option<&PgpDigParams>,
Err(err2)
}
}
})
.or_else(|err| {
legacy = true;
add_lint!(
Some(err),
"Certificate {} invalid: policy violation",
cert.keyid());
cert.with_policy(NP, sig_time)
})?;

if let Err(err) = vc.alive() {
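Review bot: After this reordering, `vc` at `if let Err(err) = vc.alive()` can have been built by `cert.with_policy(p, None)`, so the liveness check runs against the current time rather than `sig_time` on that path. That is missing from the comments and deserves a line stating which reference time each path leaves `vc` with, or a separate variable recording that the current-time fallback was taken. In addition, the relocated `NP` closure now receives the `Err(err2)` returned by the current-time attempt, so the "policy violation" lint reports that error instead of the original `sig_time` failure. Consider keeping the first error for the lint text.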