authorWerner Koch <[email protected]>2023-08-31 10:02:02 +0000
committerWerner Koch <[email protected]>2023-08-31 10:02:02 +0000
commitd75b2a91517397261c2508dba058611f803c0733 (patch)
tree380b1f0e36039b170deb559f18dafbde737ab60f
parentqt: Allow specifying user IDs to use when refreshing keys via WKD (diff)
Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME.
* src/engine-gpgsm.c (gpgsm_encrypt): Send the always-trust options. * tests/run-encrypt.c: Add option --always-trust. -- Note that the run-encrypt test tool used to assume always-trust for OpenPGP since 1.7.0. This bug has also been fixed by introducing the explicit option. GnuPG-bug-id: 6559
-rw-r--r--NEWS5
-rw-r--r--configure.ac4
-rw-r--r--doc/gpgme.texi4
-rw-r--r--src/engine-gpgsm.c13
-rw-r--r--tests/run-encrypt.c8
5 files changed, 29 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 7f38bee7..1862faf8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
-Noteworthy changes in version 1.22.1 (unreleased)
+Noteworthy changes in version 1.23.0 (unreleased)
-------------------------------------------------
+ * Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME. [T6559]
+
* qt: Support refreshing keys via WKD. [T6672]
* Interface changes relative to the 1.22.0 release:
@@ -8,6 +10,7 @@ Noteworthy changes in version 1.22.1 (unreleased)
qt: Protocol::wkdRefreshJob NEW.
qt: WKDRefreshJob NEW.
+
Noteworthy changes in version 1.22.0 (2023-08-21)
-------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 2369db52..51dd0fe3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -31,8 +31,8 @@ min_automake_version="1.14"
# for the LT versions.
m4_define([mym4_package],[gpgme])
m4_define([mym4_major], [1])
-m4_define([mym4_minor], [22])
-m4_define([mym4_micro], [1])
+m4_define([mym4_minor], [23])
+m4_define([mym4_micro], [0])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 8fc6a263..714ff916 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -6546,6 +6546,10 @@ recipients in @var{recp} should be trusted, even if the keys do not
have a high enough validity in the keyring. This flag should be used
with care; in general it is not a good idea to use any untrusted keys.
+For the S/MIME (CMS) protocol this flag allows to encrypt to a
+certificate without running any checks on the validity of the
+certificate.
+
@item GPGME_ENCRYPT_NO_ENCRYPT_TO
@since{1.2.0}
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index 8a8beb87..24b142c5 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1255,7 +1255,7 @@ gpgsm_reset (void *engine)
/* IF we have an active connection we must send a reset because we
need to reset the list of signers. Note that RESET does not
- reset OPTION commands. */
+ reset all OPTION commands. */
return (gpgsm->assuan_ctx
? gpgsm_assuan_simple_command (gpgsm, "RESET", NULL, NULL)
: 0);
@@ -1547,6 +1547,17 @@ gpgsm_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
return err;
}
+ if ((flags & GPGME_ENCRYPT_ALWAYS_TRUST))
+ {
+ /* Note that a RESET and the actual operation resets the
+ * always-trust option. To support older gnupg versions we
+ * ignore the unknown option error. */
+ err = gpgsm_assuan_simple_command (gpgsm,
+ "OPTION always-trust", NULL, NULL);
+ if (err && gpg_err_code (err) != GPG_ERR_UNKNOWN_OPTION)
+ return err;
+ }
+
err = send_input_size_hint (gpgsm, plain);
if (err)
return err;
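Review bot: When the `OPTION always-trust` command added to gpgsm_encrypt fails with GPG_ERR_UNKNOWN_OPTION, the error is dropped and the function carries on, so a caller that set GPGME_ENCRYPT_ALWAYS_TRUST cannot tell from this code whether the flag took effect. The fallback looks fail-closed (an older gpgsm would presumably still run its certificate checks), but the comment should say so explicitly, e.g. `/* If the option is unknown, gpgsm keeps validating recipients, so ignoring the error never weakens the checks. */`. The comment also relies on a RESET or the operation itself clearing the option. The early `return err` after send_input_size_hint leaves it set on the connection until then, which deserves a word because the flag turns off certificate validity checks. gpgsm_encrypt starts and ends outside the hunk.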
diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c
index 94a66283..80c40729 100644
--- a/tests/run-encrypt.c
+++ b/tests/run-encrypt.c
@@ -147,6 +147,7 @@ show_usage (int ex)
" --key NAME encrypt to key NAME\n"
" --keystring NAMES encrypt to ';' delimited NAMES\n"
" --throw-keyids use this option\n"
+ " --always-trust use this option\n"
" --no-symkey-cache disable the use of that cache\n"
" --wrap assume input is valid OpenPGP message\n"
" --symmetric encrypt symmetric (OpenPGP only)\n"
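Review bot: The help line added for `--always-trust` in show_usage says only "use this option", which hides that the flag makes encryption skip the validity checks on the recipient key or certificate. Since the tool no longer sets the flag by default, a descriptive line helps whoever updates existing test invocations, for example `" --always-trust     encrypt without checking key validity\n"`. The neighbouring `--throw-keyids` line has the same placeholder text and could be fixed alongside it.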
@@ -180,7 +181,7 @@ main (int argc, char **argv)
const char *directory = NULL;
const char *output = NULL;
int i;
- gpgme_encrypt_flags_t flags = GPGME_ENCRYPT_ALWAYS_TRUST;
+ gpgme_encrypt_flags_t flags = 0;
gpgme_off_t offset;
int no_symkey_cache = 0;
int diagnostics = 0;
@@ -263,6 +264,11 @@ main (int argc, char **argv)
flags |= GPGME_ENCRYPT_THROW_KEYIDS;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--always-trust"))
+ {
+ flags |= GPGME_ENCRYPT_ALWAYS_TRUST;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--wrap"))
{
flags |= GPGME_ENCRYPT_WRAP;