* sm/gpgsm.h (COMPAT_DE_VS_TRUSTLIST): New.
* sm/gpgsm.c (compatibility_flags): Add flag "de-vs-trustlist"
* sm/call-agent.c (istrusted_status_cb): Apply the compatibility flag.
* sm/certchain.c (do_validate_chain): Handle the "de-vs" flag similar
to the "qualified" flag.
* sm/keylist.c (cert_has_de_vs_flag): New.
(print_compliance_flags): Print compliance string only if the flag is
set or if the compatibiliy flag is set.
--
In de-vs compliance mode we now look at the de-vs flag from the
trustlist.txt and print a certificate as VS-NfD compliant only if this
flag is set. Obviously this now requires that --with-validation has
been used. To revert to the old behaviour a new compatibility flag
can be set.
The advantage of this new behaviour is that also non-compliant
certificates can be entered into the trustlist.txt and such certs
can be used with the usual warning that the cert is not VS-NfD
compliant.
14383ff052