diff options
| author | Daniel Kahn Gillmor via Gnupg-devel <[email protected]> | 2025-01-31 17:37:17 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-02-03 10:21:16 +0000 |
| commit | 0bdf5859935e3db15baaf5d0d96b723ddbd2acd5 (patch) | |
| tree | 9dac53c22b6af56f75645996c88818830cc290ac | |
| parent | gpg: --compliance=rfc2440 does not require cross-certification (diff) | |
| download | gnupg-0bdf5859935e3db15baaf5d0d96b723ddbd2acd5.tar.gz gnupg-0bdf5859935e3db15baaf5d0d96b723ddbd2acd5.zip | |
gpg: --compliance=gnupg restores default for policy-affected options
* g10/gpg.c (set_compliance_option): oGnuPG restores default
policy-affected options, moved from...
(main): ...here. Invoke set_compliance_option(oGnuPG) directly
instead of just setting opt.compliance.
--
Some of these default option values (flags.dsa2, rfc2440_text,
allow_non_selfsigned_uid, allow_freeform_uid) had to be inferrerd from
the fact that the opt struct is static and therefore initialized to
zero by the compiler.
With this change, --compliance=gnupg now completely reverts to the
defaults that were changed from other --compliance= options.
GnuPG-bug-id: T7501
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
| -rw-r--r-- | g10/gpg.c | 26 |
1 files changed, 16 insertions, 10 deletions
@@ -2320,7 +2320,22 @@ set_compliance_option (enum cmd_and_opt_values option) case oPGP7: opt.compliance = CO_PGP7; break; case oPGP8: opt.compliance = CO_PGP8; break; case oGnuPG: + /* set up default options affected by policy compliance: */ opt.compliance = CO_GNUPG; + opt.flags.dsa2 = 0; + opt.flags.require_cross_cert = 1; + opt.rfc2440_text = 0; + opt.allow_non_selfsigned_uid = 0; + opt.allow_freeform_uid = 0; + opt.escape_from = 1; + opt.not_dash_escaped = 0; + opt.def_cipher_algo = 0; + opt.def_digest_algo = 0; + opt.cert_digest_algo = 0; + opt.compress_algo = -1; + opt.s2k_mode = 3; /* iterated+salted */ + opt.s2k_digest_algo = 0; + opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO; break; case oDE_VS: @@ -2476,19 +2491,10 @@ main (int argc, char **argv) opt.command_fd = -1; /* no command fd */ opt.compress_level = -1; /* defaults to standard compress level */ opt.bz2_compress_level = -1; /* defaults to standard compress level */ - /* note: if you change these lines, look at oOpenPGP */ - opt.def_cipher_algo = 0; - opt.def_digest_algo = 0; - opt.cert_digest_algo = 0; - opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */ - opt.s2k_mode = 3; /* iterated+salted */ opt.s2k_count = 0; /* Auto-calibrate when needed. */ - opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO; opt.completes_needed = 1; opt.marginals_needed = 3; opt.max_cert_depth = 5; - opt.escape_from = 1; - opt.flags.require_cross_cert = 1; opt.import_options = (IMPORT_REPAIR_KEYS | IMPORT_COLLAPSE_UIDS | IMPORT_COLLAPSE_SUBKEYS); @@ -2524,7 +2530,7 @@ main (int argc, char **argv) opt.emit_version = 0; opt.weak_digests = NULL; opt.with_subkey_fingerprint = 1; - opt.compliance = CO_GNUPG; + set_compliance_option (oGnuPG); /* Check special options given on the command line. */ orig_argc = argc; |