From df0fed39bc9bfc0b4762088725d052485e53ede5 Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Mon, 22 Jan 2024 15:42:53 +0100 Subject: [PATCH] Don't eagerly reject expired or revoked certificates. - Even if a certificate is expired or revoked, it doesn't mean that it is completely useless. If a signature was made before the certificate expired, or before any soft revocation, then it may still be valid. - This is safe, because we still check that a certificate is valid when we check a signature. - Fixes #59. --- src/lib.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 5c9f6d7..bf6fb18 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1672,7 +1672,6 @@ fn _pgpPubKeyLint(pkts: *const c_char, unspecified reason"); } } - break 'done false; } if let Err(err) = vc.alive() { @@ -1685,7 +1684,6 @@ fn _pgpPubKeyLint(pkts: *const c_char, err)); } } - break 'done false; } } };