authorWerner Koch <[email protected]>2023-08-31 09:13:38 +0000
committerWerner Koch <[email protected]>2023-08-31 10:30:26 +0000
commit776876ce1c4c5da3a0fe1dc538fc7a67cf18c054 (patch)
tree45ffc94f904bc7158f32f6708b928ea2d9b80a9f /sm/certchain.c
parentdoc: Add some hints for AD queries. (diff)
gpgsm: Add --always-trust feature.
* sm/gpgsm.h (opt): Re-purpose unused flag always_trust. (struct server_control_s): Add "always_trust". (VALIDATE_FLAG_BYPASS): New. * sm/gpgsm.c (oAlwaysTrust): New. (opts): Add "--always-trust" (main): Set option. * sm/server.c (option_handler): Add option "always-trust". (reset_notify): Clear that option. (cmd_encrypt): Ditto. (cmd_getinfo): Add sub-command always-trust. * sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS. * sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients in always-trust mode. -- GnuPG-bug-id: 6559
Diffstat (limited to 'sm/certchain.c')
-rw-r--r--sm/certchain.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/sm/certchain.c b/sm/certchain.c
index 84dbed696..9d0fe684b 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -2199,9 +2199,15 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
memset (&rootca_flags, 0, sizeof rootca_flags);
- rc = do_validate_chain (ctrl, cert, checktime,
- r_exptime, listmode, listfp, flags,
- &rootca_flags);
+ if ((flags & VALIDATE_FLAG_BYPASS))
+ {
+ *retflags |= VALIDATE_FLAG_BYPASS;
+ rc = 0;
+ }
+ else
+ rc = do_validate_chain (ctrl, cert, checktime,
+ r_exptime, listmode, listfp, flags,
+ &rootca_flags);
if (!rc && (flags & VALIDATE_FLAG_STEED))
{
*retflags |= VALIDATE_FLAG_STEED;
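Review bot: The new `VALIDATE_FLAG_BYPASS` branch sets `rc = 0` without calling do_validate_chain, so every check behind that call is skipped, and the only trace is the "bypass" model string that the second hunk prints under `opt.verbose`. I would log the bypass unconditionally, e.g. `log_info ("certificate validation bypassed (always-trust)\n");`, so an accepted but unvalidated certificate shows up in normal logs. The branch also leaves `r_exptime` untouched; if do_validate_chain is what normally initialises it (not visible here), add `if (r_exptime) *r_exptime = 0;` so callers do not read a stale value. A comment above the `if` should say that the commit message intends this flag only for encryption recipients set up in sm/certlist.c and that other callers must not pass it, for example `/* always-trust: no chain validation is done; recipients only. */`. gpgsm_validate_chain starts and ends outside this hunk.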
@@ -2223,6 +2229,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
if (opt.verbose)
do_list (0, listmode, listfp, _("validation model used: %s"),
+ (*retflags & VALIDATE_FLAG_BYPASS)?
+ "bypass" :
(*retflags & VALIDATE_FLAG_STEED)?
"steed" :
(*retflags & VALIDATE_FLAG_CHAIN_MODEL)?