diff --git a/NEWS b/NEWS index 64cb7c84d..28d1196fb 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ Noteworthy changes in version 2.0.14 ------------------------------------------------- + * The default for --inlucde-cert is now to include all certificates + in the chain except for the root certificate. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index a2b3db0cf..5835c7213 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -560,7 +560,7 @@ Using @var{n} of -2 includes all certificate except for the root cert, -1 includes all certs, 0 does not include any certs, 1 includes only the signers cert (this is the default) and all other positive values include up to @var{n} certificates starting with the signer cert. - +The default is -2. @item --cipher-algo @var{oid} @opindex cipher-algo diff --git a/sm/ChangeLog b/sm/ChangeLog index 4ac44576e..e5c51b275 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,8 @@ +2009-10-16 Werner Koch + + * gpgsm.c (DEFAULT_INCLUDE_CERTS): New. + (default_include_certs): Init to -2. + 2009-08-06 Werner Koch * sign.c (gpgsm_sign): Print INV_SNDR for a bad default key. diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 042e5d389..2b99c2d9c 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -402,8 +402,11 @@ static unsigned int debug_value; /* Option --enable-special-filenames */ static int allow_special_filenames; -/* Default value for include-certs. */ -static int default_include_certs = 1; /* Only include the signer's cert. */ +/* Default value for include-certs. We need an extra macro for + gpgconf-list because the variable will be changed by the command + line option. */ +#define DEFAULT_INCLUDE_CERTS -2 /* Include all certs but root. */ +static int default_include_certs = DEFAULT_INCLUDE_CERTS; /* Whether the chain mode shall be used for validation. */ static int default_validation_model; @@ -1606,7 +1609,8 @@ main ( int argc, char **argv) printf ("disable-crl-checks:%lu:\n", GC_OPT_FLAG_NONE); printf ("disable-trusted-cert-crl-check:%lu:\n", GC_OPT_FLAG_NONE); printf ("enable-ocsp:%lu:\n", GC_OPT_FLAG_NONE); - printf ("include-certs:%lu:1:\n", GC_OPT_FLAG_DEFAULT); + printf ("include-certs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, + DEFAULT_INCLUDE_CERTS); printf ("disable-policy-checks:%lu:\n", GC_OPT_FLAG_NONE); printf ("auto-issuer-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE); printf ("disable-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);