author | Daniel Kahn Gillmor via Gnupg-devel <[email protected]> | 2025-01-31 17:37:16 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2025-02-03 10:20:17 +0000 |
commit | 54a8770aeb20eb9e18b5e95e51c376ec7820f8f6 (patch) | |
tree | c0d849f4c171ba7d88c3ef3565fdb7182e260d39 | |
parent | gpgsm: Allow unattended PKCS#12 export without passphrase. (diff) | |
download | gnupg-54a8770aeb20eb9e18b5e95e51c376ec7820f8f6.tar.gz gnupg-54a8770aeb20eb9e18b5e95e51c376ec7820f8f6.zip |
gpg: --compliance=rfc2440 does not require cross-certification
* g10/gpg.c (set_compliance_option): clear
opt.flags.require_cross_cert with oRFC2440
--
This aligns with the expectations in RFC 2440, which doesn't specify
any cross-certifications. As doc/gpg.texi says: "This is dangerous",
but it aligns with the specification.
The comment above says that 4880 is the same as 2440, "but with [...]
--require-cross-certification", so we align the code with the intent
from the comment. It looks like opt.require_cross_cert was turned on
by default after that comment (and the oRFC2440 section) was written,
but the oRFC2440 section was never updated to turn it off.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
-rw-r--r-- | g10/gpg.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -2302,6 +2302,7 @@ set_compliance_option (enum cmd_and_opt_values option) case oRFC2440: opt.compliance = CO_RFC2440; opt.flags.dsa2 = 0; + opt.flags.require_cross_cert = 0; opt.rfc2440_text = 1; opt.allow_non_selfsigned_uid = 1; opt.allow_freeform_uid = 1; |
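Review bot: The added `opt.flags.require_cross_cert = 0;` in the `oRFC2440` case has no comment saying why a safety check is being switched off, and the diffstat shows only g10/gpg.c changed, so the weakening is recorded only in the commit message. Since that message itself quotes doc/gpg.texi calling this setting "dangerous", put a one-line comment at the assignment noting that RFC 2440 does not specify cross-certifications, and extend the description of the rfc2440 compliance mode in doc/gpg.texi to say that it turns off the cross-certification requirement. The assignment is also unconditional, so whatever value the flag held before this case runs is overwritten; the documentation should state whether that is intended.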