g10: Still check if the key is an UTK or cross signed in batch mode.
authorNeal H. Walfield <neal@g10code.com>
Thu, 13 Oct 2016 10:38:19 +0000 (12:38 +0200)
committerNeal H. Walfield <neal@g10code.com>
Thu, 13 Oct 2016 10:40:03 +0000 (12:40 +0200)
* g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
bail immediately.  Instead, check if the key in question is an
ultimately trusted key or cross signed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
g10/tofu.c

index b9416d5..8184c6f 100644 (file)
@@ -2131,12 +2131,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
 
     case TOFU_POLICY_ASK:
       /* We need to ask the user what to do.  Case #1 or #2 below.  */
-      if (! may_ask)
-       {
-         trust_level = TRUST_UNDEFINED;
-         goto out;
-       }
-
       break;
 
     case TOFU_POLICY_NONE:
@@ -2296,18 +2290,19 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
 
   if (! may_ask)
     {
-      /* We can only get here in the third case (no saved policy) and
-       * if there is a conflict.  (If the policy was ask (cases #1 and
-       * #2) and we weren't allowed to ask, we'd have already exited).  */
-      log_assert (policy == TOFU_POLICY_NONE);
-
-      if (record_binding (dbs, fingerprint, email, user_id,
-                         TOFU_POLICY_ASK,
-                          conflict_set && conflict_set->next
-                          ? conflict_set->next->d : NULL,
-                          0, now) != 0)
-       log_error (_("error setting TOFU binding's trust level to %s\n"),
-                  "ask");
+      log_assert (policy == TOFU_POLICY_NONE || policy == TOFU_POLICY_ASK);
+      if (policy == TOFU_POLICY_NONE)
+        {
+          /* We get here in the third case (no saved policy) and if
+           * there is a conflict.  */
+          if (record_binding (dbs, fingerprint, email, user_id,
+                              TOFU_POLICY_ASK,
+                              conflict_set && conflict_set->next
+                              ? conflict_set->next->d : NULL,
+                              0, now) != 0)
+            log_error (_("error setting TOFU binding's trust level to %s\n"),
+                       "ask");
+        }
 
       trust_level = TRUST_UNDEFINED;
       goto out;