agent: Make --allow-mark-trusted the default.

* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted. Put this option into the gpgconf-list. (main): Enable opt.allow_mark_trusted by default. * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace allow-mark-trusted by no-allow-mark-trusted. * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag. -- These changes have been in effect for the Gpg4win Windows version since 2011-01-24 and thus first released with Gpg4win 2.1.0. Given the current state of PKIX it does not make any sense to lure the Unix user into false security by making it harder to trust self-signed or CAcert certificates. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 90b419f3e9) Resolved conflicts: NEWS agent/gpg-agent.c
2025-07-03 22:56:33 +02:00 · 2013-07-03 15:20:25 +02:00 · 2013-07-03 15:20:25 +02:00 · 9942a149ff
commit 9942a149ff
parent 5105c8d2d3
4 changed files with 20 additions and 10 deletions
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@ -774,7 +774,8 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
    }
  else
    es_fputs (nameformatted, fp);
-  es_fprintf (fp, "\n%s%s %c\n", yes_i_trust?"":"!", fprformatted, flag);
+  es_fprintf (fp, "\n%s%s %c%s\n", yes_i_trust?"":"!", fprformatted, flag,
+              flag == 'S'? " relax":"");
  if (es_ferror (fp))
    err = gpg_error_from_syserror ();