SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Improve PGP fingerprint handling

Browse source 
Warn if no fingerprint is specified and give more details, if
fingerprint comparison fails.

Closes #555
This commit is contained in:
koplas 2024-08-08 12:17:58 +02:00
parent 8feddc70e1
commit 9037574d96
No known key found for this signature in database
2 changed files with 13 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
cmd/csaf_downloader/downloader.go
View file

@ -366,10 +366,15 @@ func (d *downloader) loadOpenPGPKeys(
continue
}
if key.Fingerprint == "" {
slog.Warn("No fingerprint for public OpenPGP key found.")
continue
}
if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
slog.Warn(
"Fingerprint of public OpenPGP key does not match remotely loaded",
"url", u)
"url", u, "fingerprint", key.Fingerprint, "remote-fingerprint", ckey.GetFingerprint())
continue
}
if d.keys == nil {