From 963c3afaf1f9674d876465dd4bffc1c11ce1cb51 Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Fri, 19 Dec 2014 08:15:43 -0600
Subject: Upgrade keys if not successfully used and strict high validation
 level

---
 src/leap/keymanager/validation.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/leap/keymanager/validation.py')

diff --git a/src/leap/keymanager/validation.py b/src/leap/keymanager/validation.py
index 87de2af..b3aff3e 100644
--- a/src/leap/keymanager/validation.py
+++ b/src/leap/keymanager/validation.py
@@ -60,7 +60,6 @@ def can_upgrade(new_key, old_key):
     :type old_key: EncryptionKey
     :rtype: bool
     """
-    # XXX not succesfully used and strict high validation level (#6211)
     # XXX implement key signature checking (#6120)
 
     # First contact
@@ -86,4 +85,9 @@ def can_upgrade(new_key, old_key):
             new_key.validation > old_key.validation):
         return True
 
+    # Not successfully used and strict high validation level
+    if (not (old_key.sign_used and old_key.encr_used) and
+            new_key.validation > old_key.validation):
+        return True
+
     return False
-- 
cgit v1.2.3