From 8a12a2000d82acfa881e8c18d028290100bf5e43 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 7 Dec 2011 16:15:15 +0100
Subject: gpgsm: Add new validation model "steed".

* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute.  Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--

This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html .  The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known).  Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
---
 sm/verify.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sm/verify.c')

diff --git a/sm/verify.c b/sm/verify.c
index c77eb5744..1173f66d1 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -624,6 +624,8 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
       }
 
       gpgsm_status (ctrl, STATUS_TRUST_FULLY,
+                    (verifyflags & VALIDATE_FLAG_STEED)?
+                    "0 steed":
                     (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)?
                     "0 chain": "0 shell");
 
-- 
cgit v1.2.3