--- doc/scute.texi 2022-09-16 12:34:52.944579251 +0100 +++ doc/scute.texi 2022-09-16 12:39:49.165461792 +0100 @@ -208,6 +208,12 @@ log to @var{file}. Writing to a socket will be possible by prefixing the @var{file} with the string @code{socket://}. +@item no-chain +@opindex no-chain +By default, when Scute is asked for a certificate, it returns the +requested certificate along with the chain of signing certificates. +This option makes Scute return only the leaf certificate. + @end table @mansect notes (Firefox) --- src/gpgsm.c 2022-09-16 12:34:52.945579240 +0100 +++ src/gpgsm.c 2022-09-16 12:35:03.810464946 +0100 @@ -118,7 +118,7 @@ search.found = false; search.cert_get_cb = cert_get_cb; search.hook = hook; - search.with_chain = false; + search.with_chain = !_scute_opt.no_chain; search.kinfo = kinfo; DEBUG (DBG_INFO, "scute_gpgsm_get_cert: keyref='%s'", kinfo->keyref); @@ -136,7 +136,6 @@ } DEBUG (DBG_INFO, "scute_gpgsm_get_cert: falling back to gpgsm"); - search.with_chain = true; err = scute_gpgsm_search_certs (KEYLIST_BY_GRIP, kinfo->grip, search_cb, &search); return err; --- src/options.h 2022-09-16 12:34:52.945579240 +0100 +++ src/options.h 2022-09-16 12:35:34.672140238 +0100 @@ -25,6 +25,7 @@ typedef struct { char *user; int debug_flags; + int no_chain; } _scute_opt_t; extern _scute_opt_t _scute_opt; --- src/readconf.c 2022-09-16 12:34:52.945579240 +0100 +++ src/readconf.c 2022-09-16 12:36:53.867306894 +0100 @@ -53,12 +53,13 @@ void _scute_read_conf (void) { - enum { oNull = 500, oUser, oDebug, oLogfile }; + enum { oNull = 500, oUser, oDebug, oLogfile, oNoChain }; gpgrt_opt_t opts[] = { ARGPARSE_s_s(oUser, "user", NULL ), ARGPARSE_s_s(oDebug, "debug", NULL), ARGPARSE_s_s(oLogfile, "log-file", NULL), + ARGPARSE_s_n(oNoChain, "no-chain", NULL), ARGPARSE_end() }; int dummy_argc = 0; @@ -78,6 +79,7 @@ break; case oDebug: _scute_opt.debug_flags = 1; break; case oLogfile: break; + case oNoChain: _scute_opt.no_chain = 1; break; case ARGPARSE_CONFFILE: break; default : pargs.err = ARGPARSE_PRINT_WARNING; break; }