diff options
Diffstat (limited to 'sm/keylist.c')
-rw-r--r-- | sm/keylist.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/sm/keylist.c b/sm/keylist.c index 9e2c79c..fabd822 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -300,7 +300,7 @@ print_pk_screening (ksba_cert_t cert, int colon_mode, estream_t fp) static void -print_capabilities (ksba_cert_t cert, estream_t fp) +print_capabilities (ksba_cert_t cert, int algo, estream_t fp) { gpg_error_t err; unsigned int use; @@ -352,7 +352,7 @@ print_capabilities (ksba_cert_t cert, estream_t fp) /* We need to returned the faked key usage to frontends so that they * can select the right key. Note that we don't do this for the * human readable keyUsage. */ - if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR) + if ((algo == GCRY_PK_ECC || (opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)) && (use & KSBA_KEYUSAGE_KEY_AGREEMENT)) is_encr = 1; @@ -599,7 +599,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, /* Field 11, signature class - not used */ es_putc (':', fp); /* Field 12, capabilities: */ - print_capabilities (cert, fp); + print_capabilities (cert, algo, fp); es_putc (':', fp); /* Field 13, not used: */ es_putc (':', fp); @@ -1201,6 +1201,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, { err = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL); + if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED + && !check_isotime (ctrl->revoked_at)) + { + es_fputs (" revoked: ", fp); + gpgsm_print_time (fp, ctrl->revoked_at); + if (ctrl->revocation_reason) + es_fprintf (fp, " (%s)", ctrl->revocation_reason); + es_putc ('\n', fp); + } if (!err) es_fprintf (fp, " [certificate is good]\n"); else @@ -1451,6 +1460,15 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, err = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL); + if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED + && !check_isotime (ctrl->revoked_at)) + { + es_fputs (" revoked: ", fp); + gpgsm_print_time (fp, ctrl->revoked_at); + if (ctrl->revocation_reason) + es_fprintf (fp, " (%s)", ctrl->revocation_reason); + es_putc ('\n', fp); + } tmperr = ksba_cert_get_user_data (cert, "is_qualified", &buffer, sizeof (buffer), &buflen); if (!tmperr && buflen) |