mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
agent: New option --no-user-trustlist and --sys-trustlist-name.
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here. Implement --no-user-trustlist. Also
repalce "allow_include" by "systrust" and adjust callers.
--
With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt. However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.
The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.
GnuPG-bug-id: 5990
Backported-from-master: 1530d04725
This commit is contained in:
Werner Koch
parent
abe69b2094
commit
d0bd91ba73
4 changed files with 77 additions and 17 deletions
|
|
@ -148,6 +148,13 @@ struct
|
|||
interactively mark certificate in trustlist.txt as trusted. */
|
||||
int allow_mark_trusted;
|
||||
|
||||
/* Only use the system trustlist. */
|
||||
int no_user_trustlist;
|
||||
|
||||
/* The standard system trustlist is SYSCONFDIR/trustlist.txt. This
|
||||
* option can be used to change the name. */
|
||||
const char *sys_trustlist_name;
|
||||
|
||||
/* If this global option is true, the Assuan command
|
||||
PRESET_PASSPHRASE is allowed. */
|
||||
int allow_preset_passphrase;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue