Diffusion GnuPG 14383ff052ff

gpgsm: Make use of the de-vs flag in the trustlist.txt.

Description

* sm/gpgsm.h (COMPAT_DE_VS_TRUSTLIST): New.
* sm/gpgsm.c (compatibility_flags): Add flag "de-vs-trustlist".
* sm/call-agent.c (istrusted_status_cb): Apply the compatibility flag.
* sm/certchain.c (do_validate_chain): Handle the "de-vs" flag similar
to the "qualified" flag.
* sm/keylist.c (cert_has_de_vs_flag): New.
(print_compliance_flags): Print compliance string only if the flag is
set or if the compatibility flag is set.

In de-vs compliance mode we now look at the de-vs flag from the
trustlist.txt and print a certificate as VS-NfD compliant only if this
flag is set. Obviously this now requires that --with-validation has
been used. To revert to the old behaviour a new compatibility flag
can be set.

The advantage of this new behaviour is that also non-compliant
certificates can be entered into the trustlist.txt and such certs
can be used with the usual warning that the cert is not VS-NfD
compliant.

Details

Provenance
werner
Authored on Mon, May 12, 5:36 PM
Parents
rG924f09d1f3c8: gpg: Fully implement the group key flag.