From 283e213a610106c26cdace82b22eb93f2aa2db72 Mon Sep 17 00:00:00 2001
From: Damien Stuart
Date: Sat, 14 Jul 2012 10:13:26 -0400
Subject: [PATCH] Added gpg validity check. Tweak to rpm spec file.
---
 fwknop.spec | 4 ++--
 lib/fko_context.h | 1 +
 lib/gpgme_funcs.c | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/fwknop.spec b/fwknop.spec
index f6338e8e..f31b9cd2 100644
--- a/fwknop.spec
+++ b/fwknop.spec
@@ -24,9 +24,9 @@ URL: http://www.cipherdyne.org/fwknop/
 Source0: fwknop-%{version}.tar.gz
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-BuildRequires: gpg, gpgme-devel, libpcap-devel, gdbm-devel
+BuildRequires: gpg, gpgme-devel, libpcap-devel, gdbm-devel, iptables
-Requires: libfko
+Requires: libfko, iptables
 %package -n libfko
diff --git a/lib/fko_context.h b/lib/fko_context.h
index 8a98b557..969a4412 100644
--- a/lib/fko_context.h
+++ b/lib/fko_context.h
@@ -41,6 +41,7 @@ struct fko_gpg_sig {
 struct fko_gpg_sig *next;
 gpgme_sigsum_t summary;
 gpgme_error_t status;
+ gpgme_validity_t validity;
 char *fpr;
 };
diff --git a/lib/gpgme_funcs.c b/lib/gpgme_funcs.c
index 42363885..a2299d4d 100644
--- a/lib/gpgme_funcs.c
+++ b/lib/gpgme_funcs.c
@@ -137,6 +137,7 @@ process_sigs(fko_ctx_t fko_ctx, gpgme_verify_result_t vres)
 */
 fgs->summary = sig->summary;
 fgs->status = sig->status;
+ fgs->validity = sig->validity;
 /* Grab the signature fingerprint. */
@@ -168,7 +169,7 @@ process_sigs(fko_ctx_t fko_ctx, gpgme_verify_result_t vres)
 */
 fgs = fko_ctx->gpg_sigs;
- if(fgs->status != GPG_ERR_NO_ERROR) {
+ if(fgs->status != GPG_ERR_NO_ERROR || fgs->validity < 3) {
 fko_ctx->gpg_err = fgs->status;
 return(FKO_ERROR_GPGME_BAD_SIGNATURE);
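Review bot: In the second `process_sigs` hunk, a signature that verifies but fails only the new validity test still runs `fko_ctx->gpg_err = fgs->status;`, and `fgs->status` is `GPG_ERR_NO_ERROR` on that path. The caller therefore gets `FKO_ERROR_GPGME_BAD_SIGNATURE` alongside a GPG error code saying nothing failed, so logs cannot tell a trust rejection from a bad signature. The low-validity case should record its own error value before returning. The bare `3` also hides the acceptance policy; gpgme names that level, so `if(fgs->status != GPG_ERR_NO_ERROR || fgs->validity < GPGME_VALIDITY_MARGINAL) {` states it directly. A comment there should say that marginal validity is accepted and that keys present in the keyring without established validity are presumably now refused. The `if` body and the rest of the function continue outside the hunk.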