287
289
ARGPARSE_s_s (oAuditLog, "audit-log",
288
290
N_("|FILE|write an audit log to FILE")),
291
ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""),
289
292
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
290
293
ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")),
291
294
ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")),
374
377
ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
375
378
ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
376
379
ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"),
380
ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
378
382
/* Command aliases. */
379
383
ARGPARSE_c (aListKeys, "list-key", "@"),
402
406
/* Option --enable-special-filenames */
403
407
static int allow_special_filenames;
405
/* Default value for include-certs. */
406
static int default_include_certs = 1; /* Only include the signer's cert. */
409
/* Default value for include-certs. We need an extra macro for
410
gpgconf-list because the variable will be changed by the command
412
#define DEFAULT_INCLUDE_CERTS -2 /* Include all certs but root. */
413
static int default_include_certs = DEFAULT_INCLUDE_CERTS;
408
415
/* Whether the chain mode shall be used for validation. */
409
416
static int default_validation_model;
643
int numok = (debug_level && digitp (debug_level));
644
int numlvl = numok? atoi (debug_level) : 0;
636
646
if (!debug_level)
638
else if (!strcmp (debug_level, "none"))
648
else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
640
else if (!strcmp (debug_level, "basic"))
650
else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
641
651
opt.debug = DBG_ASSUAN_VALUE;
642
else if (!strcmp (debug_level, "advanced"))
652
else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
643
653
opt.debug = DBG_ASSUAN_VALUE|DBG_X509_VALUE;
644
else if (!strcmp (debug_level, "expert"))
654
else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
645
655
opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE
646
656
|DBG_CACHE_VALUE|DBG_CRYPTO_VALUE);
647
else if (!strcmp (debug_level, "guru"))
657
else if (!strcmp (debug_level, "guru") || numok)
660
/* Unless the "guru" string has been used we don't want to allow
661
hashing debugging. The rationale is that people tend to
662
select the highest debug value and would then clutter their
663
disk with debug files which may reveal confidential data. */
665
opt.debug &= ~(DBG_HASHING_VALUE);
651
669
log_error (_("invalid debug-level `%s' given\n"), debug_level);
655
673
opt.debug |= debug_value;
664
682
if (opt.debug & DBG_CRYPTO_VALUE )
665
683
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
666
684
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
687
log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n",
688
(opt.debug & DBG_X509_VALUE )? " x509":"",
689
(opt.debug & DBG_MPI_VALUE )? " mpi":"",
690
(opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
691
(opt.debug & DBG_MEMORY_VALUE )? " memory":"",
692
(opt.debug & DBG_CACHE_VALUE )? " cache":"",
693
(opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
694
(opt.debug & DBG_HASHING_VALUE)? " hashing":"",
695
(opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" );
1544
1575
audit_release (ctrl.audit);
1545
1576
ctrl.audit = audit_new ();
1546
auditfp = open_es_fwrite (auditlog);
1578
auditfp = open_es_fwrite (auditlog);
1580
htmlauditfp = open_es_fwrite (htmlauditlog);
1606
1640
printf ("disable-crl-checks:%lu:\n", GC_OPT_FLAG_NONE);
1607
1641
printf ("disable-trusted-cert-crl-check:%lu:\n", GC_OPT_FLAG_NONE);
1608
1642
printf ("enable-ocsp:%lu:\n", GC_OPT_FLAG_NONE);
1609
printf ("include-certs:%lu:1:\n", GC_OPT_FLAG_DEFAULT);
1643
printf ("include-certs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT,
1644
DEFAULT_INCLUDE_CERTS);
1610
1645
printf ("disable-policy-checks:%lu:\n", GC_OPT_FLAG_NONE);
1611
1646
printf ("auto-issuer-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
1612
1647
printf ("disable-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);
1619
1654
printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_DEFAULT);
1620
1655
printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
1657
/* The next one is an info only item and should match what
1658
proc_parameters actually implements. */
1659
printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
1624
1663
case aGPGConfTest:
1896
1935
/* Print the audit result if needed. */
1897
if (auditlog && auditfp)
1936
if ((auditlog && auditfp) || (htmlauditlog && htmlauditfp))
1899
audit_print_result (ctrl.audit, auditfp, 0);
1938
if (auditlog && auditfp)
1939
audit_print_result (ctrl.audit, auditfp, 0);
1940
if (htmlauditlog && htmlauditfp)
1941
audit_print_result (ctrl.audit, htmlauditfp, 1);
1900
1942
audit_release (ctrl.audit);
1901
1943
ctrl.audit = NULL;
1902
1944
es_fclose (auditfp);
1945
es_fclose (htmlauditfp);