security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-13 18:33:03 +01:00
Code Activity

gpg: --compliance=rfc2440 does not require cross-certification

Browse Source 
* g10/gpg.c (set_compliance_option): clear
opt.flags.require_cross_cert with oRFC2440

--
This aligns with the expectations in RFC 2440, which doesn't specify
any cross-certifications.  As doc/gpg.texi says: "This is dangerous",
but it aligns with the specification.

The comment above says that 4880 is the same as 2440, "but with [...]
--require-cross-certification", so we align the code with the intent
from the comment.  It looks like opt.require_cross_cert was turned on
by default after that comment (and the oRFC2440 section) was written,
but the oRFC2440 section was never updated to turn it off.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Daniel Kahn Gillmor via Gnupg-devel 2025-01-31 12:37:16 -05:00 committed by Werner Koch
parent 159e801043
commit 54a8770aeb
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
g10/gpg.c
View File

@ -2302,6 +2302,7 @@ set_compliance_option (enum cmd_and_opt_values option)
case oRFC2440: case oRFC2440:
opt.compliance = CO_RFC2440; opt.compliance = CO_RFC2440;
opt.flags.dsa2 = 0; opt.flags.dsa2 = 0;
opt.flags.require_cross_cert = 0;
opt.rfc2440_text = 1; opt.rfc2440_text = 1;
opt.allow_non_selfsigned_uid = 1; opt.allow_non_selfsigned_uid = 1;
opt.allow_freeform_uid = 1; opt.allow_freeform_uid = 1;