agent: Make --allow-mark-trusted the default.

* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted. Put this option into the gpgconf-list. (main): Enable opt.allow_mark_trusted by default. * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace allow-mark-trusted by no-allow-mark-trusted. * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag. -- These changes have been in effect for the Gpg4win Windows version since 2011-01-24 and thus first released with Gpg4win 2.1.0. Given the current state of PKIX it does not make any sense to lure the Unix user into false security by making it harder to trust self-signed or CAcert certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2013-07-03 15:20:25 +02:00 · 2013-07-03 15:20:25 +02:00 · 90b419f3e9
commit 90b419f3e9
parent 8b0cf1f59e
4 changed files with 19 additions and 10 deletions
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -112,6 +112,7 @@ enum cmd_and_opt_values

  oIgnoreCacheForSigning,
  oAllowMarkTrusted,
+  oNoAllowMarkTrusted,
  oAllowPresetPassphrase,
  oKeepTTY,
  oKeepDISPLAY,
@ -131,8 +132,8 @@ static ARGPARSE_OPTS opts[] = {

  { 301, NULL, 0, N_("@Options:\n ") },

-  { oServer,   "server",     0, N_("run in server mode (foreground)") },
  { oDaemon,   "daemon",     0, N_("run in daemon mode (background)") },
+  { oServer,   "server",     0, N_("run in server mode (foreground)") },
  { oVerbose, "verbose",     0, N_("verbose") },
  { oQuiet,	"quiet",     0, N_("be somewhat more quiet") },
  { oSh,	"sh",        0, N_("sh-style command output") },
@ -184,8 +185,9 @@ static ARGPARSE_OPTS opts[] = {

  { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
                               N_("do not use the PIN cache when signing")},
-  { oAllowMarkTrusted, "allow-mark-trusted", 0,
-                             N_("allow clients to mark keys as \"trusted\"")},
+  { oNoAllowMarkTrusted, "no-allow-mark-trusted", 0,
+                            N_("disallow clients to mark keys as \"trusted\"")},
+  { oAllowMarkTrusted, "allow-mark-trusted", 0, "@"},
  { oAllowPresetPassphrase, "allow-preset-passphrase", 0,
                             N_("allow presetting passphrase")},
  { oSSHSupport, "enable-ssh-support", 0, N_("enable ssh support") },
@ -503,7 +505,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
      opt.enable_passhrase_history = 0;
      opt.ignore_cache_for_signing = 0;
-      opt.allow_mark_trusted = 0;
+      opt.allow_mark_trusted = 1;
      opt.disable_scdaemon = 0;
      return 1;
    }
@ -563,6 +565,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
    case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;

    case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
+    case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;

    case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;

@ -960,7 +963,7 @@ main (int argc, char **argv )
              GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
      printf ("ignore-cache-for-signing:%lu:\n",
              GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
-      printf ("allow-mark-trusted:%lu:\n",
+      printf ("no-allow-mark-trusted:%lu:\n",
              GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
      printf ("disable-scdaemon:%lu:\n",
              GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@ -731,7 +731,8 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
    }
  else
    es_fputs (nameformatted, fp);
-  es_fprintf (fp, "\n%s%s %c\n", yes_i_trust?"":"!", fprformatted, flag);
+  es_fprintf (fp, "\n%s%s %c%s\n", yes_i_trust?"":"!", fprformatted, flag,
+              flag == 'S'? " relax":"");
  if (es_ferror (fp))
    err = gpg_error_from_syserror ();