diff options
| author | Werner Koch <[email protected]> | 2023-08-31 09:13:38 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2023-08-31 10:30:26 +0000 |
| commit | 776876ce1c4c5da3a0fe1dc538fc7a67cf18c054 (patch) | |
| tree | 45ffc94f904bc7158f32f6708b928ea2d9b80a9f /sm/gpgsm.h | |
| parent | doc: Add some hints for AD queries. (diff) | |
| download | gnupg-776876ce1c4c5da3a0fe1dc538fc7a67cf18c054.tar.gz gnupg-776876ce1c4c5da3a0fe1dc538fc7a67cf18c054.zip | |
gpgsm: Add --always-trust feature.
* sm/gpgsm.h (opt): Re-purpose unused flag always_trust.
(struct server_control_s): Add "always_trust".
(VALIDATE_FLAG_BYPASS): New.
* sm/gpgsm.c (oAlwaysTrust): New.
(opts): Add "--always-trust"
(main): Set option.
* sm/server.c (option_handler): Add option "always-trust".
(reset_notify): Clear that option.
(cmd_encrypt): Ditto.
(cmd_getinfo): Add sub-command always-trust.
* sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS.
* sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients
in always-trust mode.
--
GnuPG-bug-id: 6559
Diffstat (limited to 'sm/gpgsm.h')
| -rw-r--r-- | sm/gpgsm.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sm/gpgsm.h b/sm/gpgsm.h index e1aca8bb7..a22327edc 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -116,8 +116,6 @@ struct int extra_digest_algo; /* A digest algorithm also used for verification of signatures. */ - int always_trust; /* Trust the given keys even if there is no - valid certification chain */ int skip_verify; /* do not check signatures on data */ int lock_once; /* Keep lock once they are set */ @@ -164,6 +162,10 @@ struct * mode. */ int require_compliance; + /* Enable always-trust mode - note that there is also server option + * for this. */ + int always_trust; + /* Enable creation of authenticode signatures. */ int authenticode; @@ -269,6 +271,9 @@ struct server_control_s 2 := STEED model. */ int offline; /* If true gpgsm won't do any network access. */ + int always_trust; /* True in always-trust mode; see also + * opt.always-trust. */ + /* The current time. Used as a helper in certchain.c. */ ksba_isotime_t current_time; @@ -388,6 +393,7 @@ int gpgsm_create_cms_signature (ctrl_t ctrl, #define VALIDATE_FLAG_NO_DIRMNGR 1 #define VALIDATE_FLAG_CHAIN_MODEL 2 #define VALIDATE_FLAG_STEED 4 +#define VALIDATE_FLAG_BYPASS 8 /* No actual validation. */ gpg_error_t gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next); |