diff options
| author | Werner Koch <[email protected]> | 2023-04-03 12:06:36 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2023-09-07 15:14:10 +0000 |
| commit | 6d45fcdd3c3e8d039b05f7276e7619c19fc957d1 (patch) | |
| tree | 9a22de271566e261ce18b839d55e4ab509ffaf98 | |
| parent | agent: New flag "qual" for the trustlist.txt. (diff) | |
| download | gnupg-6d45fcdd3c3e8d039b05f7276e7619c19fc957d1.tar.gz gnupg-6d45fcdd3c3e8d039b05f7276e7619c19fc957d1.zip | |
agent: Add trustlist flag "de-vs".
* agent/trustlist.c (struct trustitem_s): Add field de_vs.
(read_one_trustfile): Parse it.
(istrusted_internal): Emit TRUSTLISTFLAG status line.
* sm/gpgsm.h (struct rootca_flags_s): Add field de_vs.
* sm/call-agent.c (istrusted_status_cb): Detect the flags.
* sm/sign.c (write_detached_signature): Remove unused vars.
--
Right now this flag has no effect; we first need to specify the exact
behaviour.
GnuPG-bug-id: 5079
(cherry picked from commit a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f)
| -rw-r--r-- | agent/trustlist.c | 8 | ||||
| -rw-r--r-- | doc/gpg-agent.texi | 5 | ||||
| -rw-r--r-- | sm/call-agent.c | 2 | ||||
| -rw-r--r-- | sm/gpgsm.h | 1 |
4 files changed, 15 insertions, 1 deletions
diff --git a/agent/trustlist.c b/agent/trustlist.c index d98da0c21..5617370a8 100644 --- a/agent/trustlist.c +++ b/agent/trustlist.c @@ -46,6 +46,7 @@ struct trustitem_s constraints. */ int cm:1; /* Use chain model for validation. */ int qual:1; /* Root CA for qualified signatures. */ + int de_vs:1; /* Root CA for de-vs compliant PKI. */ } flags; unsigned char fpr[20]; /* The binary fingerprint. */ }; @@ -325,6 +326,8 @@ read_one_trustfile (const char *fname, int systrust, ti->flags.cm = 1; else if (n == 4 && !memcmp (p, "qual", 4) && systrust) ti->flags.qual = 1; + else if (n == 4 && !memcmp (p, "de-vs", 4) && systrust) + ti->flags.de_vs = 1; else log_error ("flag '%.*s' in '%s', line %d ignored\n", n, p, fname, lnr); @@ -477,7 +480,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled, in a locked state. */ if (already_locked) ; - else if (ti->flags.relax || ti->flags.cm || ti->flags.qual) + else if (ti->flags.relax || ti->flags.cm || ti->flags.qual + || ti->flags.de_vs) { unlock_trusttable (); locked = 0; @@ -488,6 +492,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled, err = agent_write_status (ctrl,"TRUSTLISTFLAG", "cm", NULL); if (!err && ti->flags.qual) err = agent_write_status (ctrl,"TRUSTLISTFLAG", "qual",NULL); + if (!err && ti->flags.de_vs) + err = agent_write_status (ctrl,"TRUSTLISTFLAG", "de-vs",NULL); } if (!err) diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 05eb066a5..463b6a6b5 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -829,6 +829,11 @@ This flag has an effect only if used in the global list. This is now the preferred way to mark such CA; the old way of having a separate file @file{qualified.txt} is still supported. +@item de-vs +The CA is part of an approved PKI for the German classification level +VS-NfD. It is only valid in the global trustlist. As of now this is +used only for documentation purpose. + @end table diff --git a/sm/call-agent.c b/sm/call-agent.c index 5e56371fd..5cbaf33b0 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -874,6 +874,8 @@ istrusted_status_cb (void *opaque, const char *line) flags->chain_model = 1; else if (has_leading_keyword (line, "qual")) flags->qualified = 1; + else if (has_leading_keyword (line, "de-vs")) + flags->de_vs = 1; } return 0; } diff --git a/sm/gpgsm.h b/sm/gpgsm.h index b826fa814..7038e0ea8 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -262,6 +262,7 @@ struct rootca_flags_s unsigned int relax:1; /* Relax checking of root certificates. */ unsigned int chain_model:1; /* Root requires the use of the chain model. */ unsigned int qualified:1; /* Root CA used for qualfied signatures. */ + unsigned int de_vs:1; /* Root CA is de-vs compliant. */ }; |