gpgsm: Add --always-trust feature.

* sm/gpgsm.h (opt): Re-purpose unused flag always_trust. (struct server_control_s): Add "always_trust". (VALIDATE_FLAG_BYPASS): New. * sm/gpgsm.c (oAlwaysTrust): New. (opts): Add "--always-trust" (main): Set option. * sm/server.c (option_handler): Add option "always-trust". (reset_notify): Clear that option. (cmd_encrypt): Ditto. (cmd_getinfo): Add sub-command always-trust. * sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS. * sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients in always-trust mode. -- GnuPG-bug-id: 6559
2025-07-03 22:56:33 +02:00 · 2023-08-31 11:13:38 +02:00 · 2023-08-31 11:13:38 +02:00 · 776876ce1c
commit 776876ce1c
parent ee27ac18ea
6 changed files with 79 additions and 7 deletions
--- a/sm/certlist.c
+++ b/sm/certlist.c
@ -448,6 +448,11 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,

          if (!rc && !is_cert_in_certlist (cert, *listaddr))
            {
+              unsigned int valflags = 0;
+
+              if (!secret && (opt.always_trust || ctrl->always_trust))
+                valflags |= VALIDATE_FLAG_BYPASS;
+
              if (!rc && secret)
                {
                  char *p;
@ -461,9 +466,10 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                      xfree (p);
                    }
                }
+
              if (!rc)
                rc = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL,
-                                           0, NULL, 0, NULL);
+                                           0, NULL, valflags, NULL);
              if (!rc)
                {
                  certlist_t cl = xtrycalloc (1, sizeof *cl);