diff options
| -rw-r--r-- | openpgp/src/cert/amalgamation/key.rs | 12 | ||||
| -rw-r--r-- | openpgp/src/cert/mod.rs | 12 |
2 files changed, 12 insertions, 12 deletions
diff --git a/openpgp/src/cert/amalgamation/key.rs b/openpgp/src/cert/amalgamation/key.rs index 51919f7e..86061173 100644 --- a/openpgp/src/cert/amalgamation/key.rs +++ b/openpgp/src/cert/amalgamation/key.rs @@ -1338,7 +1338,7 @@ impl<'a, P, R, R2> ValidKeyAmalgamation<'a, P, R, R2> // userid. We need to be careful not to change the // primary userid, so we make it explicit using the // primary userid subpacket. - for userid in self.cert().userids() { + for userid in self.cert().userids().revoked(false) { // To extend the validity of the subkey, create a new // binding signature with updated key validity period. let binding_signature = userid.binding_signature(); @@ -1375,11 +1375,11 @@ impl<'a, P, R, R2> ValidKeyAmalgamation<'a, P, R, R2> /// key to expire at the specified time when integrated into the /// certificate. For subkeys, only a single `Signature` is /// returned. For the primary key, however, it is necessary to - /// create a new self-signature for each User ID, and to create a - /// direct key signature. This is needed, because the primary - /// User ID is first consulted when determining the primary key's - /// expiration time, and certificates can be distributed with a - /// possibly empty subset of User IDs. + /// create a new self-signature for each non-revoked User ID, and + /// to create a direct key signature. This is needed, because the + /// primary User ID is first consulted when determining the + /// primary key's expiration time, and certificates can be + /// distributed with a possibly empty subset of User IDs. /// /// Setting a key's expiry time means updating an existing binding /// signature---when looking up information, only one binding diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs index d55fa93b..9c8883b2 100644 --- a/openpgp/src/cert/mod.rs +++ b/openpgp/src/cert/mod.rs @@ -930,12 +930,12 @@ impl Cert { /// /// This function creates new binding signatures that cause the /// certificate to expire at the specified time. Specifically, it - /// updates the current binding signature on each of the valid - /// User IDs, and the direct key signature, if any. This is - /// necessary, because the primary User ID is first consulted when - /// determining the certificate's expiration time, and - /// certificates can be distributed with a possibly empty subset - /// of User IDs. + /// updates the current binding signature on each of the valid, + /// non-revoked User IDs, and the direct key signature, if any. + /// This is necessary, because the primary User ID is first + /// consulted when determining the certificate's expiration time, + /// and certificates can be distributed with a possibly empty + /// subset of User IDs. /// /// A policy is needed, because the expiration is updated by /// updating the current binding signatures. |