agent: New flag "qual" for the trustlist.txt.

* agent/trustlist.c (struct trustitem_s): Add flag "qual". (read_one_trustfile): Rename arg "allow_include" to "systrust" and change callers. Parse new flag "qual". (istrusted_internal): Print all flags. * sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag. * sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified". * sm/certchain.c (do_validate_chain): Take care of the qualified flag.
author: Werner Koch <[email protected]> 2022-02-27 11:03:20 +0000
committer: Werner Koch <[email protected]> 2022-02-27 11:26:38 +0000
commit: 7c8c6060616ab91f5490e91a0fb9efc9aee9f58e (patch)
tree: 668b52ae34cf03c609fbd90ae086e99f693de110 /doc/gpg-agent.texi
parent: dimngr: Do not check the self-signature of a root CA cert. (diff)
download: gnupg-7c8c6060616ab91f5490e91a0fb9efc9aee9f58e.tar.gz
gnupg-7c8c6060616ab91f5490e91a0fb9efc9aee9f58e.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 6c2330dc6..6a3f0bf19 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -792,6 +792,12 @@ CRL checking for the root certificate.
 If validation of a certificate finally issued by a CA with this flag set
 fails, try again using the chain validation model.
 
+@item qual
+The CA is allowed to issue certificates for qualified signatures.
+This flag has an effect only if used in the global list.  This is now
+the preferred way to mark such CA; the old way of having a separate
+file @file{qualified.txt} is still supported.
+
 @end table
author	Werner Koch <[email protected]>	2022-02-27 11:03:20 +0000
committer	Werner Koch <[email protected]>	2022-02-27 11:26:38 +0000
commit	7c8c6060616ab91f5490e91a0fb9efc9aee9f58e (patch)
tree	668b52ae34cf03c609fbd90ae086e99f693de110 /doc/gpg-agent.texi
parent	dimngr: Do not check the self-signature of a root CA cert. (diff)
download	gnupg-7c8c6060616ab91f5490e91a0fb9efc9aee9f58e.tar.gz gnupg-7c8c6060616ab91f5490e91a0fb9efc9aee9f58e.zip