Add an optional argument 'main_key_only' to crypto.cc:verify_ini_file_sig() and ini.cc:check_ini_sig(). The argument is 'false' by default. If it is 'true', validation uses the official cygwin signing key only.
---
 crypto.cc | 5 +++--
 crypto.h | 3 ++-
 ini.cc | 5 +++--
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/crypto.cc b/crypto.cc index 5a10e16..6a97acb 100644 --- a/crypto.cc +++ b/crypto.cc @@ -429,7 +429,8 @@ add_key_from_sexpr (gcry_sexp_t key) /* Verify the signature on an ini file. Takes care of all key-handling. */ bool -verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner) +verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, + HWND owner, bool main_key_only) { /* DSA public key in s-expr format. */ gcry_sexp_t dsa_key; @@ -629,7 +630,7 @@ verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner) // Well, we're actually there! Try it against the main key. rv = gcry_pk_verify (dsa_sig, dsa_hash, dsa_key); // If not that, try any supplied on the commandline. - if (rv != GPG_ERR_NO_ERROR) + if (rv != GPG_ERR_NO_ERROR && !main_key_only) { std::vector<gcry_sexp_t>::iterator it; for (it = keys_to_try.begin (); it < keys_to_try.end (); ++it) diff --git a/crypto.h b/crypto.h index 860df6c..9725b19 100644 --- a/crypto.h +++ b/crypto.h @@ -30,7 +30,8 @@ class io_stream; file in another. It is called from ini.cc/do_remote_ini() and returns true if the signature verified OK; if it returns false, you MUST NOT use the failed ini file - doubly so if it's a compressed stream! */ -extern bool verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner); +extern bool verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, + HWND owner, bool main_key_only = false); /* 5.2.2. Version 3 Signature Packet Format diff --git a/ini.cc b/ini.cc index f021ed2..18ab2e3 100644 --- a/ini.cc +++ b/ini.cc 
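Review bot: The comment directly above the changed condition `if (rv != GPG_ERR_NO_ERROR && !main_key_only)` in the second crypto.cc hunk still reads as if the extra keys are always tried, which is no longer true when `main_key_only` is set. I would reword it to `// If not that, try any supplied on the commandline, unless only the main key is acceptable.` The gate covers only this fallback loop, and the roughly 200 lines of `verify_ini_file_sig` between the signature and this hunk are not visible here. It is worth confirming that no earlier path can accept a signature made with a key other than `dsa_key`.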
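Review bot: The header comment above the `verify_ini_file_sig` declaration in crypto.h is the contract callers read, and it says nothing about the new `main_key_only` argument. I would add a sentence to it such as `If main_key_only is true, only the official Cygwin signing key is accepted and any additionally supplied keys are ignored.` Because the default is `false`, every existing caller keeps the permissive behaviour and the stricter check is opt-in. A bare positional `true` after `owner` is also easy to misread at a call site, so a named constant or a small enum may be clearer. The comment block begins above the hunk, so its opening lines are not visible here.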
@@ -172,7 +172,8 @@ decompress_ini (io_stream *ini_file) static io_stream* check_ini_sig (io_stream* ini_file, io_stream* ini_sig_file, - bool& sig_fail, const char* site, const char* sig_name, HWND owner) + bool& sig_fail, const char* site, const char* sig_name, + HWND owner, bool main_key_only = false) { /* Unless the NoVerifyOption is set, check the signature for the current setup and record the result. On a failed signature check @@ -192,7 +193,7 @@ check_ini_sig (io_stream* ini_file, io_stream* ini_sig_file, sig_fail = true; } } - else if (!verify_ini_file_sig (ini_file, ini_sig_file, owner)) + else if (!verify_ini_file_sig (ini_file, ini_sig_file, owner, main_key_only)) { note (owner, IDS_SIG_INVALID, sig_name, site); delete ini_sig_file; -- 2.15.1
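Review bot: `main_key_only` is only forwarded to `verify_ini_file_sig`, while the comment at the top of `check_ini_sig` says the signature check is skipped altogether when NoVerifyOption is set. If that reading is right (the condition itself lies between the two hunks and is not shown), a caller passing `main_key_only = true` would still receive an unverified ini file whenever that option is active. If the flag is meant as a stricter mode, consider letting it override the skip, or state the limit in the function comment: `main_key_only restricts which keys are accepted; it does not force verification when NoVerifyOption is set.` No call site in this patch passes `true`, so the parameter has no effect until a later change uses it.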