gpgsm: Add --always-trust feature.

* sm/gpgsm.h (opt): Re-purpose unused flag always_trust. (struct server_control_s): Add "always_trust". (VALIDATE_FLAG_BYPASS): New. * sm/gpgsm.c (oAlwaysTrust): New. (opts): Add "--always-trust" (main): Set option. * sm/server.c (option_handler): Add option "always-trust". (reset_notify): Clear that option. (cmd_encrypt): Ditto. (cmd_getinfo): Add sub-command always-trust. * sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS. * sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients in always-trust mode. -- GnuPG-bug-id: 6559
2025-07-03 22:56:33 +02:00 · 2023-08-31 11:13:38 +02:00 · 2023-08-31 11:13:38 +02:00 · 776876ce1c
commit 776876ce1c
parent ee27ac18ea
6 changed files with 79 additions and 7 deletions
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -2199,9 +2199,15 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,

  memset (&rootca_flags, 0, sizeof rootca_flags);

-  rc = do_validate_chain (ctrl, cert, checktime,
-                          r_exptime, listmode, listfp, flags,
-                          &rootca_flags);
+  if ((flags & VALIDATE_FLAG_BYPASS))
+    {
+      *retflags |= VALIDATE_FLAG_BYPASS;
+      rc = 0;
+    }
+  else
+    rc = do_validate_chain (ctrl, cert, checktime,
+                            r_exptime, listmode, listfp, flags,
+                            &rootca_flags);
  if (!rc && (flags & VALIDATE_FLAG_STEED))
    {
      *retflags |= VALIDATE_FLAG_STEED;
@ -2223,6 +2229,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,

  if (opt.verbose)
    do_list (0, listmode, listfp, _("validation model used: %s"),
+             (*retflags & VALIDATE_FLAG_BYPASS)?
+             "bypass" :
             (*retflags & VALIDATE_FLAG_STEED)?
             "steed" :
             (*retflags & VALIDATE_FLAG_CHAIN_MODEL)?