From 6c26e593df51475921410ac97e9227df6b258618 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 13 Apr 2021 14:25:16 +0200
Subject: gpg: Do not use self-sigs-only for LDAP keyserver imports.

* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--

I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are.  Thus we
can allow the import of key signature from LDAP keyservers by default.

GnuPG-bug-id: 5387
---
 g10/options.h | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'g10/options.h')

diff --git a/g10/options.h b/g10/options.h
index 958d3fb87..fca23cb5c 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -256,6 +256,9 @@ struct
     unsigned int force_sign_key:1;
     /* On key generation do not set the ownertrust.  */
     unsigned int no_auto_trust_new_key:1;
+    /* The next flag is set internally iff IMPORT_SELF_SIGS_ONLY has
+     * been set by the user and is not the default value.  */
+    unsigned int expl_import_self_sigs_only:1;
   } flags;
 
   /* Linked list of ways to find a key if the key isn't on the local
-- 
cgit v1.2.3