security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

agent: New flag "qual" for the trustlist.txt.

Browse source 
* agent/trustlist.c (struct trustitem_s): Add flag "qual".
(read_one_trustfile): Rename arg "allow_include" to "systrust" and
change callers.  Parse new flag "qual".
(istrusted_internal): Print all flags.
* sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag.
* sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified".
* sm/certchain.c (do_validate_chain): Take care of the qualified flag.
--

(cherry picked from commit 7c8c606061)
This commit is contained in:
Werner Koch 2022-02-27 12:03:20 +01:00
parent 3d3b941ce9
commit 7e320a89c2
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 26 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
doc/gpg-agent.texi
View file

@ -823,6 +823,12 @@ CRL checking for the root certificate.
If validation of a certificate finally issued by a CA with this flag set
fails, try again using the chain validation model.
@item qual
The CA is allowed to issue certificates for qualified signatures.
This flag has an effect only if used in the global list. This is now
the preferred way to mark such CA; the old way of having a separate
file @file{qualified.txt} is still supported.
@end table