openpgp: Improve cert canonicalization.

- Previously, a bad self-signature was mistakenly classified as third-party-signature by the hash-prefix heuristic. For example, a missing primary key binding signature on a self-signature causes the verification to fail, but the hash-prefix heuristic (which does not consider the missing primary key binding signature) attributes it to the subkey as a third-party-signature. - Use issuer information to distinguish between self-signatures and third-party-signatures, then use this information to limit the sorting heuristic to the corresponding buckets.
author: Justus Winter <justus@sequoia-pgp.org> 2020-10-05 15:02:44 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2020-10-05 17:40:29 +0200
commit: 7afee60b7cf0f19559bfccd8c42fdc77f6b9c655 (patch)
tree: 429b9e0a092be951974db641c3741f855a6f40eb /openpgp/src/packet_pile.rs
parent: 3a5f081d18ab8a52c398727f807b2454377ba69c (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/openpgp/src/packet_pile.rs b/openpgp/src/packet_pile.rs
index cebf4ab2..5cebda45 100644
--- a/openpgp/src/packet_pile.rs
+++ b/openpgp/src/packet_pile.rs
@@ -83,8 +83,9 @@ use crate::parse::Cookie;
 /// }
 ///
 /// let cert = Cert::try_from(pp)?;
-/// if let CouldBe(_) = cert.revocation_status(policy, None) {
+/// if let NotAsFarAsWeKnow = cert.revocation_status(policy, None) {
 ///     // revocation signature is broken and the key is not definitely revoked
+///     assert_eq!(cert.bad_signatures().len(), 1);
 /// }
 /// # else {
 /// #   unreachable!();
author	Justus Winter <justus@sequoia-pgp.org>	2020-10-05 15:02:44 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2020-10-05 17:40:29 +0200
commit	7afee60b7cf0f19559bfccd8c42fdc77f6b9c655 (patch)
tree	429b9e0a092be951974db641c3741f855a6f40eb /openpgp/src/packet_pile.rs
parent	3a5f081d18ab8a52c398727f807b2454377ba69c (diff)