summaryrefslogtreecommitdiff
path: root/sm/keylist.c
diff options
context:
space:
mode:
Diffstat (limited to 'sm/keylist.c')
-rw-r--r--sm/keylist.c24
1 files changed, 21 insertions, 3 deletions
diff --git a/sm/keylist.c b/sm/keylist.c
index 9e2c79c..fabd822 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -300,7 +300,7 @@ print_pk_screening (ksba_cert_t cert, int colon_mode, estream_t fp)
static void
-print_capabilities (ksba_cert_t cert, estream_t fp)
+print_capabilities (ksba_cert_t cert, int algo, estream_t fp)
{
gpg_error_t err;
unsigned int use;
@@ -352,7 +352,7 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
/* We need to returned the faked key usage to frontends so that they
* can select the right key. Note that we don't do this for the
* human readable keyUsage. */
- if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
+ if ((algo == GCRY_PK_ECC || (opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR))
&& (use & KSBA_KEYUSAGE_KEY_AGREEMENT))
is_encr = 1;
@@ -599,7 +599,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
/* Field 11, signature class - not used */
es_putc (':', fp);
/* Field 12, capabilities: */
- print_capabilities (cert, fp);
+ print_capabilities (cert, algo, fp);
es_putc (':', fp);
/* Field 13, not used: */
es_putc (':', fp);
@@ -1201,6 +1201,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
{
err = gpgsm_validate_chain (ctrl, cert,
GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
+ if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
+ && !check_isotime (ctrl->revoked_at))
+ {
+ es_fputs (" revoked: ", fp);
+ gpgsm_print_time (fp, ctrl->revoked_at);
+ if (ctrl->revocation_reason)
+ es_fprintf (fp, " (%s)", ctrl->revocation_reason);
+ es_putc ('\n', fp);
+ }
if (!err)
es_fprintf (fp, " [certificate is good]\n");
else
@@ -1451,6 +1460,15 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
err = gpgsm_validate_chain (ctrl, cert,
GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
+ if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
+ && !check_isotime (ctrl->revoked_at))
+ {
+ es_fputs (" revoked: ", fp);
+ gpgsm_print_time (fp, ctrl->revoked_at);
+ if (ctrl->revocation_reason)
+ es_fprintf (fp, " (%s)", ctrl->revocation_reason);
+ es_putc ('\n', fp);
+ }
tmperr = ksba_cert_get_user_data (cert, "is_qualified",
&buffer, sizeof (buffer), &buflen);
if (!tmperr && buflen)