mirror of
git://git.gnupg.org/gnupg.git
synced 2025-05-24 16:43:28 +02:00
14383ff052
* sm/gpgsm.h (COMPAT_DE_VS_TRUSTLIST): New. * sm/gpgsm.c (compatibility_flags): Add flag "de-vs-trustlist" * sm/call-agent.c (istrusted_status_cb): Apply the compatibility flag. * sm/certchain.c (do_validate_chain): Handle the "de-vs" flag similar to the "qualified" flag. * sm/keylist.c (cert_has_de_vs_flag): New. (print_compliance_flags): Print compliance string only if the flag is set or if the compatibiliy flag is set. -- In de-vs compliance mode we now look at the de-vs flag from the trustlist.txt and print a certificate as VS-NfD compliant only if this flag is set. Obviously this now requires that --with-validation has been used. To revert to the old behaviour a new compatibility flag can be set. The advantage of this new behaviour is that also non-compliant certificates can be entered into the trustlist.txt and such certs can be used with the usual warning that the cert is not VS-NfD compliant.