authorWerner Koch <[email protected]>2025-08-27 09:26:37 +0000
committerWerner Koch <[email protected]>2025-08-27 09:41:38 +0000
commit6a05d7f0e87fea373f42317c15df9e1ab59dea3e (patch)
treecf84b7251dc439530be1d6cfef44945af2346d40 /sm/gpgsm.h
parentgpgsm: Change the debug flags used with --debug-level basic to expert. (diff)
gpgsm: Add option --no-qes-note and trustlist flag "noconsent".
* agent/trustlist.c (struct trustitem_s): Add flag "noconsent". (read_one_trustfile): Set flag. (istrusted_internal): Emit flag value. * sm/call-agent.c (istrusted_status_cb): Parse flag. * sm/certchain.c (do_validate_chain): Handle flag by using a different true value for an existing variable. * sm/sign.c (gpgsm_sign): Consult the new flag. * sm/gpgsm.c (enum cmd_and_opt_values): Add oNoQESNote. (opts): Add option --no-qes-note. * sm/gpgsm.h (opt): Add field no_qes_note. (struct rootca_flags_s): Add flag noconsent. * sm/sign.c (gpgsm_sign): Take care of the noconsent flag. * sm/qualified.c (gpgsm_qualified_consent): Take care of no_qes_note. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 7713
Diffstat (limited to 'sm/gpgsm.h')
-rw-r--r--sm/gpgsm.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index d23223ea9..cc049d05b 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -141,6 +141,9 @@ struct
runtime option in case we want to check
the integrity of the software at
runtime. */
+ int no_qes_note; /* Do not print a note that the software
+ * has not been approved for creating or
+ * verifying qualified signatures. */
unsigned int min_rsa_length; /* Used for compliance checks. */
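Review bot: The comment on `no_qes_note` describes only a suppressed note, but the commit message lists `gpgsm_qualified_consent` in sm/qualified.c as a consumer of the field. A reader of the header therefore cannot tell whether the option also affects the consent question asked before creating a qualified signature. If it only silences the informational text, the comment should say so, for example `/* Set by --no-qes-note: suppress only the "not approved for qualified signatures" note; consent handling is unchanged. */`. If it does more than that, the comment and the option name should reflect it. The enclosing option struct starts and ends outside this hunk, so this is based on the added lines and the commit message alone.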
@@ -341,6 +344,7 @@ struct rootca_flags_s
unsigned int relax:1; /* Relax checking of root certificates. */
unsigned int chain_model:1; /* Root requires the use of the chain model. */
unsigned int qualified:1; /* Root CA used for qualified signatures. */
+ unsigned int noconsent:1; /* Consent is not required "qualified". */
unsigned int de_vs:1; /* Root CA is de-vs compliant. */
};
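Review bot: The comment on `noconsent` is garbled (`Consent is not required "qualified".`) and does not say how the bit relates to the `qualified` bit directly above it. Per the commit message the value comes from the agent's trustlist and changes consent handling in `do_validate_chain` and `gpgsm_sign`, so the dependency should be stated at the declaration, for example `unsigned int noconsent:1; /* No consent prompt for this qualified root CA; only meaningful together with QUALIFIED. */`. That the bit has no effect when `qualified` is clear is inferred from the wording and is not visible in this hunk. It is worth confirming in sm/certchain.c and sm/sign.c that a root carrying `noconsent` without `qualified` is handled as intended.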