1 files changed, 21 insertions, 3 deletions

diff --git a/sm/keylist.c b/sm/keylist.c
index 9e2c79c..fabd822 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -300,7 +300,7 @@ print_pk_screening (ksba_cert_t cert, int colon_mode, estream_t fp)
 
 
 static void
-print_capabilities (ksba_cert_t cert, estream_t fp)
+print_capabilities (ksba_cert_t cert, int algo, estream_t fp)
 {
   gpg_error_t err;
   unsigned int use;
@@ -352,7 +352,7 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
   /* We need to returned the faked key usage to frontends so that they
    * can select the right key.  Note that we don't do this for the
    * human readable keyUsage.  */
-  if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
+  if ((algo == GCRY_PK_ECC || (opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR))
       && (use & KSBA_KEYUSAGE_KEY_AGREEMENT))
     is_encr = 1;
 
@@ -599,7 +599,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
   /* Field 11, signature class - not used */
   es_putc (':', fp);
   /* Field 12, capabilities: */
-  print_capabilities (cert, fp);
+  print_capabilities (cert, algo, fp);
   es_putc (':', fp);
   /* Field 13, not used: */
   es_putc (':', fp);
@@ -1201,6 +1201,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
     {
       err = gpgsm_validate_chain (ctrl, cert,
                                   GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
+      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
+          && !check_isotime (ctrl->revoked_at))
+        {
+          es_fputs ("      revoked: ", fp);
+          gpgsm_print_time (fp, ctrl->revoked_at);
+          if (ctrl->revocation_reason)
+            es_fprintf (fp, " (%s)", ctrl->revocation_reason);
+          es_putc ('\n', fp);
+        }
       if (!err)
         es_fprintf (fp, "  [certificate is good]\n");
       else
@@ -1451,6 +1460,15 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
 
       err = gpgsm_validate_chain (ctrl, cert,
                                   GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
+      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
+          && !check_isotime (ctrl->revoked_at))
+        {
+          es_fputs ("      revoked: ", fp);
+          gpgsm_print_time (fp, ctrl->revoked_at);
+          if (ctrl->revocation_reason)
+            es_fprintf (fp, " (%s)", ctrl->revocation_reason);
+          es_putc ('\n', fp);
+        }
       tmperr = ksba_cert_get_user_data (cert, "is_qualified",
                                         &buffer, sizeof (buffer), &buflen);
       if (!tmperr && buflen)