Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME.

* src/engine-gpgsm.c (gpgsm_encrypt): Send the always-trust options.

* tests/run-encrypt.c: Add option --always-trust.
--

Note that the run-encrypt test tool used to assume always-trust for
OpenPGP since 1.7.0 This bug has also been fixed by introducing the
explicit option.

GnuPG-bug-id: 6559

NEWS

@@ -1,6 +1,8 @@
-Noteworthy changes in version 1.22.1 (unreleased)
+Noteworthy changes in version 1.23.0 (unreleased)
 -------------------------------------------------
 
+ * Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME.  [T6559]
+
  * qt: Support refreshing keys via WKD.  [T6672]
 
  * Interface changes relative to the 1.22.0 release:
@@ -8,6 +10,7 @@ Noteworthy changes in version 1.22.1 (unreleased)
  qt: Protocol::wkdRefreshJob                NEW.
  qt: WKDRefreshJob                          NEW.
 
+
 Noteworthy changes in version 1.22.0 (2023-08-21)
 -------------------------------------------------
 

configure.ac

@@ -31,8 +31,8 @@ min_automake_version="1.14"
 # for the LT versions.
 m4_define([mym4_package],[gpgme])
 m4_define([mym4_major], [1])
-m4_define([mym4_minor], [22])
-m4_define([mym4_micro], [1])
+m4_define([mym4_minor], [23])
+m4_define([mym4_micro], [0])
 
 # Below is m4 magic to extract and compute the git revision number,
 # the decimalized short revision number, a beta version string and a

doc/gpgme.texi

@@ -6546,6 +6546,10 @@ recipients in @var{recp} should be trusted, even if the keys do not
 have a high enough validity in the keyring.  This flag should be used
 with care; in general it is not a good idea to use any untrusted keys.
 
+For the S/MIME (CMS) protocol this flag allows to encrypt to a
+certificate without running any checks on the validity of the
+certificate.
+
 @item GPGME_ENCRYPT_NO_ENCRYPT_TO
 @since{1.2.0}
 

src/engine-gpgsm.c

@@ -1255,7 +1255,7 @@ gpgsm_reset (void *engine)
 
   /* IF we have an active connection we must send a reset because we
      need to reset the list of signers.  Note that RESET does not
-     reset OPTION commands. */
+     reset all OPTION commands. */
   return (gpgsm->assuan_ctx
           ? gpgsm_assuan_simple_command (gpgsm, "RESET", NULL, NULL)
           : 0);
@@ -1547,6 +1547,17 @@ gpgsm_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
 	return err;
     }
 
+  if ((flags & GPGME_ENCRYPT_ALWAYS_TRUST))
+    {
+      /* Note that a RESET and the actual operation resets the
+       * always-trust option.  To support older gnupg versions we
+       * ignore the unknown option error.  */
+      err = gpgsm_assuan_simple_command (gpgsm,
+                                         "OPTION always-trust", NULL, NULL);
+      if (err && gpg_err_code (err) != GPG_ERR_UNKNOWN_OPTION)
+        return err;
+    }
+
   err = send_input_size_hint (gpgsm, plain);
   if (err)
     return err;

tests/run-encrypt.c

@@ -147,6 +147,7 @@ show_usage (int ex)
          "  --key NAME         encrypt to key NAME\n"
          "  --keystring NAMES  encrypt to ';' delimited NAMES\n"
          "  --throw-keyids     use this option\n"
+         "  --always-trust     use this option\n"
          "  --no-symkey-cache  disable the use of that cache\n"
          "  --wrap             assume input is valid OpenPGP message\n"
          "  --symmetric        encrypt symmetric (OpenPGP only)\n"
@@ -180,7 +181,7 @@ main (int argc, char **argv)
   const char *directory = NULL;
   const char *output = NULL;
   int i;
-  gpgme_encrypt_flags_t flags = GPGME_ENCRYPT_ALWAYS_TRUST;
+  gpgme_encrypt_flags_t flags = 0;
   gpgme_off_t offset;
   int no_symkey_cache = 0;
   int diagnostics = 0;
@@ -263,6 +264,11 @@ main (int argc, char **argv)
           flags |= GPGME_ENCRYPT_THROW_KEYIDS;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--always-trust"))
+        {
+          flags |= GPGME_ENCRYPT_ALWAYS_TRUST;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--wrap"))
         {
           flags |= GPGME_ENCRYPT_WRAP;