Commit 4ff8f446 authored by Yann Leboulanger's avatar Yann Leboulanger

[fedor] fix gpg signature when hash algo is not SHA-1. Fixes #7569

parent 61f27f12
......@@ -80,14 +80,21 @@ if HAVE_GPG:
def verify(self, str_, sign):
if str_ is None:
return ''
data = '-----BEGIN PGP SIGNED MESSAGE-----' + os.linesep
data = data + 'Hash: SHA1' + os.linesep + os.linesep
data = data + str_ + os.linesep
data = data + self._addHeaderFooter(sign, 'SIGNATURE')
result = super(GnuPG, self).verify(data)
if result.valid:
return result.key_id
# Hash algorithm is not transfered in the signed presence stanza so try
# all algorithms. Text name for hash algorithms from RFC 4880 - section 9.4
hash_algorithms = ['SHA512', 'SHA384', 'SHA256', 'SHA224', 'SHA1', 'RIPEMD160']
for algo in hash_algorithms:
data = os.linesep.join(
['-----BEGIN PGP SIGNED MESSAGE-----',
'Hash: ' + algo,
'',
str_,
self._addHeaderFooter(sign, 'SIGNATURE')]
)
result = super(GnuPG, self).verify(data)
if result.valid:
return result.key_id
return ''
def get_keys(self, secret=False):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment