$ret->{message} = sprintf('public key size is less than 1000 bits (was: %d bits)', $cert->pubkey_size());
} else {
$ret->{message} = sprintf('Failed to validate "%s" through the OpenPGP Web of Trust.', $uid);
-
+ my $ks_checked = 0;
+ if (get_keyserver_policy() eq 'always') {
+ fetch_uid_from_keyserver($uid);
+ $ks_checked = 1;
+ }
+ my $afterlocalpass = 0;
+ my $foundvalid = 0;
# needed because $gnupg spawns child processes
$ENV{PATH} = '/usr/local/bin:/usr/bin:/bin';
- # FIXME: check keyservers?
- foreach my $gpgkey ($gnupg->get_public_keys('='.$uid)) {
- my $notvalid = 1;
- my $marginal = 0;
- if ($gpgkey->usage_flags =~ /A/) {
- # we're only interested in keys that might have a valid
- # authentication key/subkey:
-
+ while (1) {
-
+ if ($afterlocalpass) {
+ # while loop termination condition:
+ last if ($foundvalid || $ks_checked || get_keyserver_policy() eq 'never');
+ fetch_uid_from_keyserver($uid);
+ $ks_checked = 1;
+ }
+ foreach my $gpgkey ($gnupg->get_public_keys('='.$uid)) {
+ my $notvalid = 1;
++ my $marginal = 0;
foreach my $tryuid ($gpgkey->user_ids) {
if ($tryuid->as_string eq $uid) {
$notvalid = 0
if ($tryuid->validity eq 'f' ||
$tryuid->validity eq 'u');
+ $marginal = 1
+ if ($tryuid->validity eq 'm');
}
}
- if ($notvalid) {
+ if ($marginal and $notvalid) {
+ # MJGOINS
+ } elsif ($notvalid) {
msvalog('verbose', "got a key that was not fully-valid for UID %s\n", $uid);
+ msvalog('debug', Dumper($gpgkey));
} else {
+ $foundvalid = 1;
if ($gpgkey->usage_flags =~ /a/) {
msvalog('verbose', "primary key 0x%s is authentication-capable\n", $gpgkey->hex_id);
if (keycomp($key, $gpgkey)) {