From 3ff9a743bf6faeb99e8ee6113fe54af4f34cc288 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 21 Apr 2005 09:33:07 +0000
Subject: * configure.ac: Do not build gpg by default.

* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.

* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates.  This is required because on signature
verification an expired key is fine whereas a revoked one is not.

* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
---
 tools/gpgconf-comp.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'tools/gpgconf-comp.c')

diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 5e6777e1f..c49d1dcbb 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -449,6 +449,9 @@ static gc_option_t gc_options_gpg_agent[] =
    { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
      "gnupg", "|FILE|read options from FILE",
      GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPG_AGENT },
+   { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+     "gnupg", "do not use the SCdaemon",
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
 
    { "Debug",
      GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
@@ -651,6 +654,9 @@ static gc_option_t gc_options_gpgsm[] =
    { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
      "gnupg", "never consult a CRL",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+   { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+     "gnupg", N_("do not check CRLs for root certificates"),
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
    { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      "gnupg", "check validity using OCSP",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
-- 
cgit v1.2.3