1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

agent: Add trustlist flag "de-vs".

* agent/trustlist.c (struct trustitem_s): Add field de_vs.
(read_one_trustfile): Parse it.
(istrusted_internal): Emit TRUSTLISTFLAG status line.
* sm/gpgsm.h (struct rootca_flags_s): Add field de_vs.
* sm/call-agent.c (istrusted_status_cb): Detect the flags.

* sm/sign.c (write_detached_signature): Remove unused vars.
--

Right now this flag has no effect; we first need to specify the exact
behaviour.

GnuPG-bug-id: 5079
(cherry picked from commit a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f)
This commit is contained in:
Werner Koch 2023-04-03 14:06:36 +02:00
parent 7e320a89c2
commit 6d45fcdd3c
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 15 additions and 1 deletions

View File

@ -46,6 +46,7 @@ struct trustitem_s
constraints. */
int cm:1; /* Use chain model for validation. */
int qual:1; /* Root CA for qualified signatures. */
int de_vs:1; /* Root CA for de-vs compliant PKI. */
} flags;
unsigned char fpr[20]; /* The binary fingerprint. */
};
@ -325,6 +326,8 @@ read_one_trustfile (const char *fname, int systrust,
ti->flags.cm = 1;
else if (n == 4 && !memcmp (p, "qual", 4) && systrust)
ti->flags.qual = 1;
else if (n == 4 && !memcmp (p, "de-vs", 4) && systrust)
ti->flags.de_vs = 1;
else
log_error ("flag '%.*s' in '%s', line %d ignored\n",
n, p, fname, lnr);
@ -477,7 +480,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled,
in a locked state. */
if (already_locked)
;
else if (ti->flags.relax || ti->flags.cm || ti->flags.qual)
else if (ti->flags.relax || ti->flags.cm || ti->flags.qual
|| ti->flags.de_vs)
{
unlock_trusttable ();
locked = 0;
@ -488,6 +492,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled,
err = agent_write_status (ctrl,"TRUSTLISTFLAG", "cm", NULL);
if (!err && ti->flags.qual)
err = agent_write_status (ctrl,"TRUSTLISTFLAG", "qual",NULL);
if (!err && ti->flags.de_vs)
err = agent_write_status (ctrl,"TRUSTLISTFLAG", "de-vs",NULL);
}
if (!err)

View File

@ -829,6 +829,11 @@ This flag has an effect only if used in the global list. This is now
the preferred way to mark such CA; the old way of having a separate
file @file{qualified.txt} is still supported.
@item de-vs
The CA is part of an approved PKI for the German classification level
VS-NfD. It is only valid in the global trustlist. As of now this is
used only for documentation purpose.
@end table

View File

@ -874,6 +874,8 @@ istrusted_status_cb (void *opaque, const char *line)
flags->chain_model = 1;
else if (has_leading_keyword (line, "qual"))
flags->qualified = 1;
else if (has_leading_keyword (line, "de-vs"))
flags->de_vs = 1;
}
return 0;
}

View File

@ -262,6 +262,7 @@ struct rootca_flags_s
unsigned int relax:1; /* Relax checking of root certificates. */
unsigned int chain_model:1; /* Root requires the use of the chain model. */
unsigned int qualified:1; /* Root CA used for qualfied signatures. */
unsigned int de_vs:1; /* Root CA is de-vs compliant. */
};