mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
Implement GNUPG_ASSUME_COMPLIANCE envvar for testing
* common/compliance.c (assumed_de_vs_compliance): New.
(get_compliance_cache): Check envvar and fake compliance.
(gnupg_status_compliance_flag): Return 2023 for de-vs if in faked
mode.
* g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023.
--
The user visible changes are that
GNUPG_ASSUME_COMPLIANCE=de-vs gpgconf --list-options gpg \
| awk -F: '$1=="compliance_de_vs" {print $8}'
returns 2023 if "compliance de-vs" is found in gpg.conf. If
eventually the software is arpproved the returned value will be 23 and
not 1 as it was before. Consumers should check whether they see value
of true (Kleopatra does this right now) and also check whether the
value is > 2000 and in this case print a beta/non-approved warning.
The envvar is currently used to assume that the underlying libgcrypt
is compliant and approved. This is not yet the case but eventually
libgcrypt will announce this itself and from then on the envvar is not
anymore required for testing.
This commit is contained in:
Werner Koch
parent
e8858807bc
commit
b287fb5775
4 changed files with 33 additions and 5 deletions
|
|
@ -257,6 +257,8 @@ described here.
|
|||
|
||||
- 8 :: The key is compliant with RFC4880bis
|
||||
- 23 :: The key is compliant with compliance mode "de-vs".
|
||||
- 2023 :: The key is compliant with a compliance mode "de-vs" but
|
||||
the software has not yet been approved.
|
||||
- 6001 :: Screening hit on the ROCA vulnerability.
|
||||
|
||||
*** Field 19 - Last update
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue