diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-10-05 15:02:44 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-10-05 17:40:29 +0200 |
commit | 7afee60b7cf0f19559bfccd8c42fdc77f6b9c655 (patch) | |
tree | 429b9e0a092be951974db641c3741f855a6f40eb /openpgp/src/packet_pile.rs | |
parent | 3a5f081d18ab8a52c398727f807b2454377ba69c (diff) |
openpgp: Improve cert canonicalization.
- Previously, a bad self-signature was mistakenly classified as
third-party-signature by the hash-prefix heuristic. For example,
a missing primary key binding signature on a self-signature causes
the verification to fail, but the hash-prefix heuristic (which
does not consider the missing primary key binding signature)
attributes it to the subkey as a third-party-signature.
- Use issuer information to distinguish between self-signatures and
third-party-signatures, then use this information to limit the
sorting heuristic to the corresponding buckets.
Diffstat (limited to 'openpgp/src/packet_pile.rs')
-rw-r--r-- | openpgp/src/packet_pile.rs | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/openpgp/src/packet_pile.rs b/openpgp/src/packet_pile.rs index cebf4ab2..5cebda45 100644 --- a/openpgp/src/packet_pile.rs +++ b/openpgp/src/packet_pile.rs @@ -83,8 +83,9 @@ use crate::parse::Cookie; /// } /// /// let cert = Cert::try_from(pp)?; -/// if let CouldBe(_) = cert.revocation_status(policy, None) { +/// if let NotAsFarAsWeKnow = cert.revocation_status(policy, None) { /// // revocation signature is broken and the key is not definitely revoked +/// assert_eq!(cert.bad_signatures().len(), 1); /// } /// # else { /// # unreachable!(); |