Implemented the chain model for X.509 validation.

agent/ChangeLog

@@ -1,3 +1,8 @@
+2007-08-06  Werner Koch  <wk@g10code.com>
+
+	* trustlist.c (read_one_trustfile): Add flag "cm".
+	(agent_istrusted): Ditto.
+
 2007-08-02  Werner Koch  <wk@g10code.com>
 
 	* gpg-agent.c: Include gc-opt-flags.h and remove their definition

agent/trustlist.c

@@ -1,5 +1,5 @@
 /* trustlist.c - Maintain the list of trusted keys
- *	Copyright (C) 2002, 2004, 2006 Free Software Foundation, Inc.
+ * Copyright (C) 2002, 2004, 2006, 2007 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -42,6 +42,7 @@ struct trustitem_s
     int for_smime:1;      /* Set by '*' or 'S' as first flag. */
     int relax:1;          /* Relax checking of root certificate
                              constraints. */
+    int cm:1;             /* Use chain model for validation. */
   } flags;
   unsigned char fpr[20];  /* The binary fingerprint. */
 };
@@ -267,6 +268,8 @@ read_one_trustfile (const char *fname, int allow_include,
             }
           else if (n == 5 && !memcmp (p, "relax", 5))
             ti->flags.relax = 1;
+          else if (n == 2 && !memcmp (p, "cm", 2))
+            ti->flags.cm = 1;
           else
             log_error ("flag `%.*s' in `%s', line %d ignored\n",
                        n, p, fname, lnr);
@@ -396,6 +399,14 @@ agent_istrusted (ctrl_t ctrl, const char *fpr)
                 if (err)
                   return err;
               }
+            else if (ti->flags.cm)
+              {
+                err = agent_write_status (ctrl,
+                                          "TRUSTLISTFLAG", "cm", 
+                                          NULL);
+                if (err)
+                  return err;
+              }
             return 0; /* Trusted. */
           }
     }