g10: If the set of UTKs changes, invalidate any changed policies.
author Neal H. Walfield <neal@g10code.com>
Tue, 22 Nov 2016 14:05:59 +0000 (15:05 +0100)
committer Neal H. Walfield <neal@g10code.com>
Tue, 22 Nov 2016 14:24:05 +0000 (15:24 +0100)
commit 44c17bcb003a3330f595a6ab144e8439b7b630cb
tree b64a6ba54422757471166b2a54f0aa773412681d
parent 5c2db9dedfe9dbb14ffec24751ca23a69cead94e
g10: If the set of UTKs changes, invalidate any changed policies.

* g10/trustdb.c (tdb_utks): New function.
* g10/tofu.c (check_utks): New function.
(initdb): Call it.
* tests/openpgp/tofu.scm: Modify test to check the effective policy of
keys whose effective policy changes when we change the set of UTKs.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
If the set of ultimately trusted keys changes, then it is possible
that a binding's effective policy changes.  To deal with this, we
detect when the set of ultimately trusted keys changes and invalidate
all cached policies.
g10/tofu.c
g10/trustdb.c
g10/trustdb.h
tests/openpgp/tofu.scm
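
The check the commit message describes, sketched as an added example that is not GnuPG's code: the ultimately trusted key set is reduced to an order-independent form, compared with the form saved at the last initialization, and every cached effective policy is dropped when they differ. The structures, the name `check_utks_example`, the comma-joined storage format and the `-1` "not cached" marker are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cache row: one (key, user id) binding and its cached
   effective policy; -1 means "not cached, recompute on next use".  */
struct binding { const char *fpr; const char *email; int cached_policy; };
struct tofu_db {
  char stored_utks[256];        /* Canonical UTK list saved at last init.  */
  struct binding bindings[8];
  size_t n_bindings;
};

static int cmp_str (const void *a, const void *b)
{
  return strcmp (*(const char *const *) a, *(const char *const *) b);
}

/* Sorted, comma-joined fingerprints: the same set always gives the same
   string, whatever order the trust database listed the keys in.  */
static int canonical_utks (const char **utks, size_t n, char *out, size_t outlen)
{
  const char *sorted[32];
  size_t i, used = 0;
  if (n > 32 || outlen == 0) return -1;
  if (n) memcpy (sorted, utks, n * sizeof *utks);
  qsort (sorted, n, sizeof *sorted, cmp_str);
  out[0] = 0;
  for (i = 0; i < n; i++)
    {
      if (used + strlen (sorted[i]) + 2 > outlen) return -1;
      used += sprintf (out + used, "%s%s", i ? "," : "", sorted[i]);
    }
  return 0;
}

/* Returns the number of cached policies invalidated, 0 if the UTK set is
   unchanged, or -1 if the set cannot be represented (caller must abort).  */
int check_utks_example (struct tofu_db *db, const char **utks, size_t n)
{
  char now[sizeof db->stored_utks];
  size_t i;
  int dropped = 0;
  if (canonical_utks (utks, n, now, sizeof now)) return -1;
  if (!strcmp (now, db->stored_utks)) return 0;
  for (i = 0; i < db->n_bindings; i++)
    if (db->bindings[i].cached_policy != -1)
      { db->bindings[i].cached_policy = -1; dropped++; }
  strcpy (db->stored_utks, now);
  return dropped;
}
```

Comparing the canonical form rather than the raw list means a reordered but identical key set does not flush the cache, while adding or removing a single ultimately trusted key does.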