=== modified file 'mandos'
--- mandos	2008-08-22 00:16:20 +0000
+++ mandos	2008-08-24 10:49:09 +0000
@@ -410,6 +410,16 @@
     gnutls.library.functions.gnutls_openpgp_crt_import\
                     (crt, ctypes.byref(datum),
                      gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
+    # Verify the self signature in the key
+    crtverify = ctypes.c_uint();
+    gnutls.library.functions.gnutls_openpgp_crt_verify_self\
+        (crt, ctypes.c_uint(0), ctypes.byref(crtverify))
+    if crtverify.value != 0:
+        tmp = open("/tmp/tmp.gpg", "w")
+        tmp.write(openpgp)
+        tmp.close()
+        gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
+        raise gnutls.errors.CertificateSecurityError("Verify failed")
     # New buffer for the fingerprint
     buffer = ctypes.create_string_buffer(20)
     buffer_length = ctypes.c_size_t()

=== modified file 'mandos-keygen'
--- mandos-keygen	2008-08-24 07:42:14 +0000
+++ mandos-keygen	2008-08-24 10:49:09 +0000
@@ -293,6 +293,7 @@
     
     cat <<-EOF
 	[$KEYNAME]
+	host = $KEYNAME
 	fingerprint = $FINGERPRINT
 	secret =
 EOF

=== modified file 'plugins.d/password-request.c'
--- plugins.d/password-request.c	2008-08-17 22:42:28 +0000
+++ plugins.d/password-request.c	2008-08-24 10:49:09 +0000
@@ -214,6 +214,34 @@
     fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
 	    gpgme_strsource(rc), gpgme_strerror(rc));
     plaintext_length = -1;
+    if (debug){
+      gpgme_decrypt_result_t result;
+      result = gpgme_op_decrypt_result(ctx);
+      if (result == NULL){
+	fprintf(stderr, "gpgme_op_decrypt_result failed\n");
+      } else {
+	fprintf(stderr, "Unsupported algorithm: %s\n",
+		result->unsupported_algorithm);
+	fprintf(stderr, "Wrong key usage: %u\n",
+		result->wrong_key_usage);
+	if(result->file_name != NULL){
+	  fprintf(stderr, "File name: %s\n", result->file_name);
+	}
+	gpgme_recipient_t recipient;
+	recipient = result->recipients;
+	if(recipient){
+	  while(recipient != NULL){
+	    fprintf(stderr, "Public key algorithm: %s\n",
+		    gpgme_pubkey_algo_name(recipient->pubkey_algo));
+	    fprintf(stderr, "Key ID: %s\n", recipient->keyid);
+	    fprintf(stderr, "Secret key available: %s\n",
+		    recipient->status == GPG_ERR_NO_SECKEY
+		    ? "No" : "Yes");
+	    recipient = recipient->next;
+	  }
+	}
+      }
+    }
     goto decrypt_end;
   }
   
@@ -221,35 +249,6 @@
     fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
   }
   
-  if (debug){
-    gpgme_decrypt_result_t result;
-    result = gpgme_op_decrypt_result(ctx);
-    if (result == NULL){
-      fprintf(stderr, "gpgme_op_decrypt_result failed\n");
-    } else {
-      fprintf(stderr, "Unsupported algorithm: %s\n",
-	      result->unsupported_algorithm);
-      fprintf(stderr, "Wrong key usage: %u\n",
-	      result->wrong_key_usage);
-      if(result->file_name != NULL){
-	fprintf(stderr, "File name: %s\n", result->file_name);
-      }
-      gpgme_recipient_t recipient;
-      recipient = result->recipients;
-      if(recipient){
-	while(recipient != NULL){
-	  fprintf(stderr, "Public key algorithm: %s\n",
-		  gpgme_pubkey_algo_name(recipient->pubkey_algo));
-	  fprintf(stderr, "Key ID: %s\n", recipient->keyid);
-	  fprintf(stderr, "Secret key available: %s\n",
-		  recipient->status == GPG_ERR_NO_SECKEY
-		  ? "No" : "Yes");
-	  recipient = recipient->next;
-	}
-      }
-    }
-  }
-  
   /* Seek back to the beginning of the GPGME plaintext data buffer */
   if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
     perror("pgpme_data_seek");
@@ -636,6 +635,8 @@
     } else {
       retval = -1;
     }
+  } else {
+    retval = -1;
   }
   
   /* Shutdown procedure */