From 776876ce1c4c5da3a0fe1dc538fc7a67cf18c054 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 31 Aug 2023 11:13:38 +0200 Subject: gpgsm: Add --always-trust feature. * sm/gpgsm.h (opt): Re-purpose unused flag always_trust. (struct server_control_s): Add "always_trust". (VALIDATE_FLAG_BYPASS): New. * sm/gpgsm.c (oAlwaysTrust): New. (opts): Add "--always-trust" (main): Set option. * sm/server.c (option_handler): Add option "always-trust". (reset_notify): Clear that option. (cmd_encrypt): Ditto. (cmd_getinfo): Add sub-command always-trust. * sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS. * sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients in always-trust mode. -- GnuPG-bug-id: 6559 --- sm/certlist.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'sm/certlist.c') diff --git a/sm/certlist.c b/sm/certlist.c index fdf31a198..53d90ac30 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -448,6 +448,11 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, if (!rc && !is_cert_in_certlist (cert, *listaddr)) { + unsigned int valflags = 0; + + if (!secret && (opt.always_trust || ctrl->always_trust)) + valflags |= VALIDATE_FLAG_BYPASS; + if (!rc && secret) { char *p; @@ -461,9 +466,10 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, xfree (p); } } + if (!rc) rc = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL, - 0, NULL, 0, NULL); + 0, NULL, valflags, NULL); if (!rc) { certlist_t cl = xtrycalloc (1, sizeof *cl); -- cgit v1.2.3
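Review bot: The `!secret` test in the first hunk is the only thing that keeps VALIDATE_FLAG_BYPASS away from signer certificates, and nothing on the added lines says that this restriction is deliberate. A comment above the `if` would protect it from a later refactor, for example `/* Skip chain validation only for recipients; certificates used for signing (SECRET set) are always fully validated. */`. In the second hunk, `valflags` goes straight into `gpgsm_validate_chain`, so a recipient certificate that would otherwise fail validation is accepted without any trace at this call site. Whether the bypass is logged inside sm/certchain.c is not visible here, so it is worth confirming that a log line or audit entry names the certificate whenever the flag takes effect. The body of gpgsm_add_to_certlist starts and ends outside both hunks, so any checks it applies before these lines are not covered by this note.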