Package: libgnupg-perl Version: 0.9-6 Severity: normal thanks Yo!
Verifying a signature, I run into 'protocol error: expected VALIDSIG' -
closer examination shows that gnupg reports the POLICY_URL first (which, I
guess, should be either silently ignored or, better yet, be stuck into a
part of the result hash. Something like this:
--- GnuPG.pm.orig 2005-06-28 10:24:12.000000000 +0200
+++ GnuPG.pm 2005-06-28 10:39:10.000000000 +0200
@@ -628,6 +628,12 @@
my ( $keyid, $name ) = split /\s+/, $arg, 2;
( $cmd, $arg ) = $self->read_from_status;
+ my $policy_url = undef;
+ if ( $cmd =~ /POLICY_URL/ ) {
+ $policy_url = $arg;
+ ( $cmd, $arg ) = $self->read_from_status;
+ }
+
$self->abort_gnupg ( "protocol error: expected VALIDSIG" )
unless $cmd =~ /VALIDSIG/;
my ( $fingerprint ) = split /\s+/, $arg, 2;
@@ -644,6 +650,7 @@
user => $name,
fingerprint => $fingerprint,
trust => $trust,
+ policy_url => $policy_url,
};
}
I expect the same problem would again show up for policy notations. I've
not hacked this up because I don't use notations, and because the code
would be more complicated, as it would need to deal with ordering issues (I
guess that the order of various extensions like this could vary depending
on how they are in the signature.)
cheers
-- vbi
--
"It is better for civilization to be going down the drain than to be
coming up it."
-- Henry Allen
pgpEIqg2fxEV8.pgp
Description: PGP signature
