OpenPGP authentication is disabled by default

The flag --enable-openpgp-authenticationcan be used to revert
this change.

Resolves #178

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

3 files changed, 11 insertions, 10 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index bdc07e548c..da3bf6ab4f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -90,7 +90,7 @@ minimal/Fedora/x86_64:
     ./configure --with-included-libtasn1 --enable-valgrind-tests
     --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-rsa-export
     --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication
-    --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-openpgp-authentication
+    --disable-anon-authentication --disable-dhe --disable-ecdhe
     --disable-ocsp --disable-session-tickets --disable-non-suiteb-curves --with-included-unistring
     --disable-nls --disable-crywrap --disable-libdane --without-p11-kit --without-tpm
     --disable-ssl3-support --disable-ssl2-support --without-zlib --disable-doc --disable-tests --enable-openssl-compatibility && make -j$(nproc)
@@ -166,12 +166,12 @@ IDNA2003/Fedora/x86_64:
       - build/tests/*.log
       - build/tests/*/*.log
 
-no-openpgp/Fedora/x86_64:
+openpgp/Fedora/x86_64:
   stage: stage1-testing
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
   script:
   - mkdir -p build && cd build &&
-    ../configure --disable-openpgp-authentication --disable-doc --disable-guile --disable-full-test-suite
+    ../configure --enable-openpgp-authentication --disable-doc --disable-guile --disable-full-test-suite
   - make -j$(nproc)
   - make abi-check
   - make check -j$(nproc)
diff --git a/NEWS b/NEWS
index a5db9610f5..553059b9e3 100644
--- a/NEWS
+++ b/NEWS
@@ -33,9 +33,10 @@ See the end for copying conditions.
    behavior can be overriden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
    to verification functions. Resolves gitlab issue #177.
 
-** libgnutls: The --disable-openpgp-authentication configure option will provide
-   an ABI-compatible library, with the openpgp functionality implemented as stubs.
-   The stubs are functions which only return an error on call.
+** libgnutls: OpenPGP authentication is disabled by default, and the resulting
+   library is ABI compatible (will openpgp related functions being stubs that fail
+   on invocation). The flag --enable-openpgp-authentication to configure will
+   enable OpenPGP authentication support.
 
 ** libgnutls: Refuse to generate a certificate with an illegal version, or an
    illegal serial number. That is, gnutls_x509_crt_set_version() and
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 1c4f5b50ce..e48850fa4a 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -302,11 +302,11 @@ LIBTASN1_MINIMUM=4.9
   fi
   AM_CONDITIONAL(ENABLE_ECDHE, test "$ac_enable_ecdhe" != "no")
 
-  ac_enable_openpgp=yes
-  AC_MSG_CHECKING([whether to disable OpenPGP Certificate authentication support])
+  ac_enable_openpgp=no
+  AC_MSG_CHECKING([whether to enable OpenPGP Certificate authentication support])
   AC_ARG_ENABLE(openpgp-authentication,
-    AS_HELP_STRING([--disable-openpgp-authentication],
-                   [disable the OpenPGP authentication support]),
+    AS_HELP_STRING([--enable-openpgp-authentication],
+                   [enable the OpenPGP authentication support]),
     ac_enable_openpgp=$enableval)
   if test x$ac_enable_openpgp = xno; then
    AC_MSG_RESULT(yes)