1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

agent: Make --allow-mark-trusted the default.

* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.

* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

--

These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0.  Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2013-07-03 15:20:25 +02:00
parent 8b0cf1f59e
commit 90b419f3e9
4 changed files with 19 additions and 10 deletions

9
NEWS
View File

@ -1,10 +1,15 @@
Noteworthy changes in version 2.0.21 (unreleased)
-------------------------------------------------
* gpg-agent: By default the users are now asked via the Pinentry
whether they trust an X.509 root key. To prohibit interactive
marking of such keys, the new option --no-allow-mark-trusted may
be used.
* The included ssh agent does now support ECDSA keys.
* New option --enable-putty-support to allow gpg-agent to act as a
Pageant replacement including full smartcard support.
* The new option --enable-putty-support allows gpg-agent on Windows
to act as a Pageant replacement with full smartcard support.
Noteworthy changes in version 2.0.20 (2013-05-10)

View File

@ -112,6 +112,7 @@ enum cmd_and_opt_values
oIgnoreCacheForSigning,
oAllowMarkTrusted,
oNoAllowMarkTrusted,
oAllowPresetPassphrase,
oKeepTTY,
oKeepDISPLAY,
@ -131,8 +132,8 @@ static ARGPARSE_OPTS opts[] = {
{ 301, NULL, 0, N_("@Options:\n ") },
{ oServer, "server", 0, N_("run in server mode (foreground)") },
{ oDaemon, "daemon", 0, N_("run in daemon mode (background)") },
{ oServer, "server", 0, N_("run in server mode (foreground)") },
{ oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
{ oSh, "sh", 0, N_("sh-style command output") },
@ -184,8 +185,9 @@ static ARGPARSE_OPTS opts[] = {
{ oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
N_("do not use the PIN cache when signing")},
{ oAllowMarkTrusted, "allow-mark-trusted", 0,
N_("allow clients to mark keys as \"trusted\"")},
{ oNoAllowMarkTrusted, "no-allow-mark-trusted", 0,
N_("disallow clients to mark keys as \"trusted\"")},
{ oAllowMarkTrusted, "allow-mark-trusted", 0, "@"},
{ oAllowPresetPassphrase, "allow-preset-passphrase", 0,
N_("allow presetting passphrase")},
{ oSSHSupport, "enable-ssh-support", 0, N_("enable ssh support") },
@ -503,7 +505,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
opt.enable_passhrase_history = 0;
opt.ignore_cache_for_signing = 0;
opt.allow_mark_trusted = 0;
opt.allow_mark_trusted = 1;
opt.disable_scdaemon = 0;
return 1;
}
@ -563,6 +565,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
@ -960,7 +963,7 @@ main (int argc, char **argv )
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("ignore-cache-for-signing:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("allow-mark-trusted:%lu:\n",
printf ("no-allow-mark-trusted:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("disable-scdaemon:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);

View File

@ -731,7 +731,8 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
}
else
es_fputs (nameformatted, fp);
es_fprintf (fp, "\n%s%s %c\n", yes_i_trust?"":"!", fprformatted, flag);
es_fprintf (fp, "\n%s%s %c%s\n", yes_i_trust?"":"!", fprformatted, flag,
flag == 'S'? " relax":"");
if (es_ferror (fp))
err = gpg_error_from_syserror ();

View File

@ -532,8 +532,8 @@ static gc_option_t gc_options_gpg_agent[] =
{ "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_ADVANCED, "gnupg", "allow clients to mark keys as \"trusted\"",
{ "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
"gnupg", "do not grab keyboard and mouse",