authorNikos Mavrogiannopoulos <nmav@gnutls.org>2007-10-13 18:15:13 +0300
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2007-10-13 18:15:13 +0300
commit7af05fa5955c8a65060326d49ba6194419b28e85 (patch)
tree8b07f0a1b96ef897f2229175103931b7089cf0f4 /libextra
parent9aed4c919937be769a538ca1b2c2704f4486f157 (diff)
downloadgnutls-7af05fa5955c8a65060326d49ba6194419b28e85.tar.gz
Removed all the trustdb related code. It wasn't used and trustdbs are not
specified anywhere except pgp. Now we use the standard key rings.
Diffstat (limited to 'libextra')
-rw-r--r--libextra/gnutls_openpgp.c29
-rw-r--r--libextra/openpgp/compat.c28
-rw-r--r--libextra/openpgp/extras.c74
-rw-r--r--libextra/openpgp/openpgp.h17
-rw-r--r--libextra/openpgp/pgpverify.c68
5 files changed, 2 insertions, 214 deletions
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index d07df0cb78..5b3c2415ac 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -1062,35 +1062,6 @@ gnutls_certificate_set_openpgp_keyserver (gnutls_certificate_credentials_t
return 0;
}
-
-/**
- * gnutls_certificate_set_openpgp_trustdb - Used to set an GnuPG trustdb
- * @res: the destination context to save the data.
- * @trustdb: is the trustdb filename
- *
- * This funtion will set a GnuPG trustdb which will be used in key
- * verification functions. Only version 3 trustdb files are supported.
- *
- **/
-int
-gnutls_certificate_set_openpgp_trustdb (gnutls_certificate_credentials_t
- res, const char *trustdb)
-{
- if (!res || !trustdb)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* FIXME: We do not support the trustdb yet. */
- gnutls_free (res->pgp_trustdb);
- res->pgp_trustdb = gnutls_strdup (trustdb);
- if (res->pgp_trustdb == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- return 0;
-}
-
/**
* gnutls_openpgp_set_recv_key_function - Used to set a key retrieval callback for PGP keys
* @session: a TLS session
diff --git a/libextra/openpgp/compat.c b/libextra/openpgp/compat.c
index 462eadfe86..ba4b7614bd 100644
--- a/libextra/openpgp/compat.c
+++ b/libextra/openpgp/compat.c
@@ -39,11 +39,6 @@
* Verify all signatures in the certificate list. When the key
* is not available, the signature is skipped.
*
- * When the trustdb parameter is used, the function checks the
- * ownertrust of the key before the signatures are checked. It
- * is possible that the key was disabled or the owner is not trusted
- * at all. Then we don't check the signatures because it makes no sense.
- *
* The return value is one of the CertificateStatus entries.
*
* NOTE: this function does not verify using any "web of trust". You
@@ -57,7 +52,6 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
int ret = 0;
gnutls_openpgp_key_t key = NULL;
gnutls_openpgp_keyring_t ring = NULL;
- gnutls_openpgp_trustdb_t tdb = NULL;
unsigned int verify_ring = 0, verify_db = 0, verify_self = 0;
if (!cert_list || cert_list_length != 1)
@@ -105,25 +99,6 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
}
}
- if (cred->pgp_trustdb)
- { /* Use the trustDB */
- ret = gnutls_openpgp_trustdb_init (&tdb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
-
- ret = gnutls_openpgp_trustdb_import_file (tdb, cred->pgp_trustdb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
-
- ret = gnutls_openpgp_key_verify_trustdb (key, tdb, 0, &verify_db);
- }
-
/* Now try the self signature. */
ret = gnutls_openpgp_key_verify_self (key, 0, &verify_self);
if (ret < 0)
@@ -135,14 +110,13 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
*status = verify_self | verify_ring | verify_db;
/* If we only checked the self signature. */
- if (!cred->pgp_trustdb && !cred->keyring.data)
+ if (!cred->keyring.data)
*status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
ret = 0;
leave:
gnutls_openpgp_key_deinit (key);
- gnutls_openpgp_trustdb_deinit (tdb);
gnutls_openpgp_keyring_deinit (ring);
return ret;
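Review bot: `verify_db` is now dead state in _gnutls_openpgp_verify_key: its only writer was the removed `gnutls_openpgp_key_verify_trustdb` call, yet it is still declared in the earlier hunk at `unsigned int verify_ring = 0, verify_db = 0, verify_self = 0;` and still OR'd into the status at `*status = verify_self | verify_ring | verify_db;` in this hunk. It stays zero so the result is unchanged, but it reads as if a third verification source still contributes to the certificate status, which misleads anyone auditing what this function actually checks. Suggest dropping it from both lines: `unsigned int verify_ring = 0, verify_self = 0;` and `*status = verify_self | verify_ring;`. The function body starts before the first compat.c hunk and its closing brace lies after this one.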
diff --git a/libextra/openpgp/extras.c b/libextra/openpgp/extras.c
index b3375cb589..74dda8a5e2 100644
--- a/libextra/openpgp/extras.c
+++ b/libextra/openpgp/extras.c
@@ -22,7 +22,7 @@
*
*/
-/* Functions on OpenPGP keyring and trustdb parsing
+/* Functions on OpenPGP keyring parsing
*/
#include <gnutls_int.h>
@@ -173,75 +173,3 @@ gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
return _gnutls_map_cdk_rc (err);
}
-
-/* TrustDB stuff.
- */
-
-/**
- * gnutls_openpgp_trustdb_init - This function initializes a gnutls_openpgp_trustdb_t structure
- * @trustdb: The structure to be initialized
- *
- * This function will initialize an OpenPGP trustdb structure.
- *
- * Returns 0 on success.
- *
- **/
-int
-gnutls_openpgp_trustdb_init (gnutls_openpgp_trustdb_t * trustdb)
-{
- *trustdb = gnutls_calloc (1, sizeof (gnutls_openpgp_trustdb_int));
-
- if (*trustdb)
- return 0; /* success */
- return GNUTLS_E_MEMORY_ERROR;
-}
-
-/**
- * gnutls_openpgp_trustdb_deinit - This function deinitializes memory used by a gnutls_openpgp_trustdb_t structure
- * @trustdb: The structure to be initialized
- *
- * This function will deinitialize a CRL structure.
- *
- **/
-void
-gnutls_openpgp_trustdb_deinit (gnutls_openpgp_trustdb_t trustdb)
-{
- if (!trustdb)
- return;
-
- if (trustdb->st)
- {
- cdk_stream_close (trustdb->st);
- trustdb->st = NULL;
- }
-
- gnutls_free (trustdb);
-}
-
-/**
- * gnutls_openpgp_trustdb_import_file - This function will import a RAW or BASE64 encoded key
- * @trustdb: The structure to store the parsed key.
- * @file: The file that holds the trustdb.
- *
- * This function will convert the given RAW or Base64 encoded trustdb
- * to the native gnutls_openpgp_trustdb_t format. The output will be stored in 'trustdb'.
- *
- * Returns 0 on success.
- *
- **/
-int
-gnutls_openpgp_trustdb_import_file (gnutls_openpgp_trustdb_t trustdb,
- const char *file)
-{
- int rc;
-
- rc = cdk_stream_open (file, &trustdb->st);
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
-
- return 0;
-}
diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h
index 51ad60f5b0..620ebf6deb 100644
--- a/libextra/openpgp/openpgp.h
+++ b/libextra/openpgp/openpgp.h
@@ -37,13 +37,7 @@ typedef struct gnutls_openpgp_keyring_int
} gnutls_openpgp_keyring_int;
-typedef struct gnutls_openpgp_trustdb_int
-{
- cdk_stream_t st;
-} gnutls_openpgp_trustdb_int;
-
typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
-typedef struct gnutls_openpgp_trustdb_int *gnutls_openpgp_trustdb_t;
int _gnutls_map_cdk_rc (int rc);
int gnutls_openpgp_key_get_name (gnutls_openpgp_key_t key,
@@ -77,20 +71,10 @@ int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
const unsigned char keyid[8],
unsigned int flags);
-void gnutls_openpgp_trustdb_deinit (gnutls_openpgp_trustdb_t trustdb);
-int gnutls_openpgp_trustdb_init (gnutls_openpgp_trustdb_t * trustdb);
-int gnutls_openpgp_trustdb_import_file (gnutls_openpgp_trustdb_t trustdb,
- const char *file);
-
int gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key,
gnutls_openpgp_keyring_t keyring,
unsigned int flags, unsigned int *verify);
-int gnutls_openpgp_key_verify_trustdb (gnutls_openpgp_key_t key,
- gnutls_openpgp_trustdb_t trustdb,
- unsigned int flags,
- unsigned int *verify);
-
int gnutls_openpgp_key_verify_self (gnutls_openpgp_key_t key,
unsigned int flags, unsigned int *verify);
@@ -104,7 +88,6 @@ void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key);
#else /* no opencdk */
typedef void *gnutls_openpgp_keyring_t;
-typedef void *gnutls_openpgp_trustdb_t;
#endif /* ENABLE_OPENPGP */
diff --git a/libextra/openpgp/pgpverify.c b/libextra/openpgp/pgpverify.c
index df22bd77aa..5d1af3f404 100644
--- a/libextra/openpgp/pgpverify.c
+++ b/libextra/openpgp/pgpverify.c
@@ -32,26 +32,6 @@
#include <openpgp.h>
#include <x509/verify.h> /* lib/x509/verify.h */
-static int
-openpgp_get_key_trust (gnutls_openpgp_trustdb_t trustdb,
- gnutls_openpgp_key_t key, unsigned int *r_trustval)
-{
- int rc;
-
- /* FIXME: This operation is not supported any longer. */
-
- if (!trustdb || !key || !r_trustval)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *r_trustval = 0;
- rc = 0;
-
- return rc;
-}
-
/**
* gnutls_openpgp_key_verify_ring - Verify all signatures in the key
@@ -163,51 +143,3 @@ gnutls_openpgp_key_verify_self (gnutls_openpgp_key_t key,
return 0;
}
-
-/**
- * gnutls_openpgp_key_verify_trustdb - Verify all signatures in the key
- * @key: the structure that holds the key.
- * @trustdb: holds the trustdb to check against
- * @flags: unused (should be 0)
- * @verify: will hold the certificate verification output.
- *
- * Checks if the key is revoked or disabled, in the trustdb.
- * The verification output will be put in @verify and will be
- * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.
- *
- * GNUTLS_CERT_INVALID: A signature on the key is invalid.
- *
- * GNUTLS_CERT_REVOKED: The key has been revoked.
- *
- * Note that this function does not verify using any "web of
- * trust". You may use GnuPG for that purpose, or any other external
- * PGP application.
- *
- * Returns 0 on success.
- **/
-int
-gnutls_openpgp_key_verify_trustdb (gnutls_openpgp_key_t key,
- gnutls_openpgp_trustdb_t trustdb,
- unsigned int flags, unsigned int *verify)
-{
- int rc;
-
- /* FIXME: The code currently does nothing. */
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- if (!trustdb)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- rc = openpgp_get_key_trust (trustdb, key, verify);
- if (rc)
- gnutls_assert ();
- return rc;
-}