[PATCH scute] Add no-chain option (t6002 version).

Damien Goutte-Gattat dgouttegattat at incenp.org
Fri Sep 16 04:17:16 CEST 2022


This is the same patch as my previous one, but this one applies
cleanly to the t6002 branch, for convenience.

-- >8 --
Subject: [PATCH scute] Add option to return leaf certificate only.

* src/options.h (_scute_opt_t): Add no_chain.
* src/readconf.c (_scute_read_conf): Set no_chain.
* src/gpgsm.c (scute_gpgsm_get_cert): Request the chain of certificates
only when no_chain is unset.
--

The default behaviour of Scute of returning the full certificate
chain may cause various issues in client applications, some of
which seemingly only expect a single certificate. Thus we make
this behaviour configurable.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 doc/scute.texi | 6 ++++++
 src/gpgsm.c    | 3 +--
 src/options.h  | 1 +
 src/readconf.c | 4 +++-
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/doc/scute.texi b/doc/scute.texi
index eb0e6f3..b01273f 100644
--- a/doc/scute.texi
+++ b/doc/scute.texi
@@ -220,6 +220,12 @@ This is a hack to ignore a request to use native threads instead of
 user provided callbacks.  Should only be used with caution if there is
 no easy way to fix the caller or until we have fixed Scute.
 
+ at item no-chain
+ at opindex no-chain
+By default, when Scute is asked for a certificate, it returns the
+requested certificate along with the chain of signing certificates.
+This option makes Scute return only the leaf certificate.
+
 @end table
 
 In addition to the above configuration file, Scute also reads GnuPG´s
diff --git a/src/gpgsm.c b/src/gpgsm.c
index 9d6dfd3..0b5f3ee 100644
--- a/src/gpgsm.c
+++ b/src/gpgsm.c
@@ -125,12 +125,11 @@ scute_gpgsm_get_cert (const char *grip, cert_get_cb_t cert_get_cb, void *hook)
   search.depth = 0;
   search.cert_get_cb = cert_get_cb;
   search.hook = hook;
-  search.with_chain = false;
+  search.with_chain = !_scute_opt.no_chain;
   search.grip = grip;
 
   DEBUG (DBG_INFO, "scute_gpgsm_get_cert: grip='%s'", grip);
 
-  search.with_chain = true;
   err = scute_gpgsm_search_certs (KEYLIST_BY_GRIP, grip, search_cb, &search);
   if (!err)
     {
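Review bot: The new assignment `search.with_chain = !_scute_opt.no_chain;` changes what a client receives, but nothing next to it says why the issuer chain is returned by default or what a client gives up by opting out; a short comment such as `/* Hand back the issuer chain too unless the user set no-chain; without it the client has to find the CA certificates in its own trust store.  */` would carry that into the code. The second half of that comment is inferred from the option's description, not from lines visible here, so confirm it against search_cb before keeping it. Please also confirm that gpgsm.c already includes options.h, since this hunk is the first place `_scute_opt` is referenced in this file as far as the diff shows. Recording the mode in the existing trace line, `DEBUG (DBG_INFO, "scute_gpgsm_get_cert: grip='%s' with_chain=%d", grip, search.with_chain);`, would make a "chain missing" report easy to diagnose. scute_gpgsm_get_cert starts and ends outside the hunk.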
diff --git a/src/options.h b/src/options.h
index 0ed034a..bb9b1cf 100644
--- a/src/options.h
+++ b/src/options.h
@@ -28,6 +28,7 @@ typedef struct {
   int only_marked;
   int assume_single_threaded;
   int no_autostart;  /* Do not autostart gpg-agent.  */
+  int no_chain;
 } _scute_opt_t;
 
 extern _scute_opt_t _scute_opt;
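Review bot: The new member `no_chain` has no comment, while `no_autostart` on the line above documents its meaning inline; keep the header self-describing with `int no_chain;  /* Return only the leaf certificate, not its issuer chain.  */`. The struct's opening line is outside the hunk.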
diff --git a/src/readconf.c b/src/readconf.c
index cfede1b..729310f 100644
--- a/src/readconf.c
+++ b/src/readconf.c
@@ -54,7 +54,7 @@ void
 _scute_read_conf (void)
 {
   enum { oNull = 500, oUser, oDebug, oLogfile, oOnlyMarked,
-         oAssumeSingleThreaded, oNoAutostart };
+         oAssumeSingleThreaded, oNoAutostart, oNoChain };
   gpgrt_opt_t opts[] =
     {
      ARGPARSE_s_s(oUser, "user", NULL ),
@@ -62,6 +62,7 @@ _scute_read_conf (void)
      ARGPARSE_s_s(oLogfile, "log-file", NULL),
      ARGPARSE_s_n(oOnlyMarked, "only-marked", NULL),
      ARGPARSE_s_n(oAssumeSingleThreaded, "assume-single-threaded", NULL),
+     ARGPARSE_s_n(oNoChain, "no-chain", NULL),
      ARGPARSE_end()
     };
   gpgrt_opt_t commonopts[] =
@@ -90,6 +91,7 @@ _scute_read_conf (void)
           _scute_opt.assume_single_threaded = 1;
           break;
         case oOnlyMarked: _scute_opt.only_marked = 1; break;
+        case oNoChain: _scute_opt.no_chain = 1; break;
         case ARGPARSE_CONFFILE: break;
         default : pargs.err = ARGPARSE_PRINT_WARNING; break;
 	}
-- 
2.35.3



