Diffstat (limited to 'sm/keylist.c')
-rw-r--r--sm/keylist.c28
1 files changed, 23 insertions, 5 deletions
diff --git a/sm/keylist.c b/sm/keylist.c
index 4f2d009..2d51aa7 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -251,9 +251,11 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
{
gpg_error_t err;
unsigned int use;
+ unsigned int is_encr, is_sign, is_cert;
size_t buflen;
char buffer[1];
+
err = ksba_cert_get_user_data (cert, "is_qualified",
&buffer, sizeof (buffer), &buflen);
if (!err && buflen)
@@ -285,17 +287,33 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
return;
}
+ is_encr = is_sign = is_cert = 0;
+
if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
- es_putc ('e', fp);
+ is_encr = 1;
if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
- es_putc ('s', fp);
+ is_sign = 1;
if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
+ is_cert = 1;
+
+ /* We need to returned the faked key usage to frontends so that they
+ * can select the right key. Note that we don't do this for the
+ * human readable keyUsage. */
+ if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
+ && (use & KSBA_KEYUSAGE_KEY_AGREEMENT))
+ is_encr = 1;
+
+ if (is_encr)
+ es_putc ('e', fp);
+ if (is_sign)
+ es_putc ('s', fp);
+ if (is_cert)
es_putc ('c', fp);
- if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
+ if (is_encr)
es_putc ('E', fp);
- if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
+ if (is_sign)
es_putc ('S', fp);
- if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
+ if (is_cert)
es_putc ('C', fp);
}
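Review bot: The override guarded by `opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR` makes the capability letters diverge from what the certificate's keyUsage asserts, and a frontend reading the listing cannot tell a substituted 'e'/'E' from a real encipherment bit. The comment above it should state that consequence and fix its grammar, for example `/* With COMPAT_ALLOW_KA_TO_ENCR a keyAgreement-only certificate is listed as encryption capable ('e'/'E') so that frontends can select it; the human readable keyUsage is not changed. */`. Only the listing side is visible here, so it is worth confirming that the encryption path tests the same flag and usage bit; otherwise the listing could advertise a key that the operation then rejects, or the reverse. The part of print_capabilities between the two hunks is not shown, and the three flags could be zeroed at their declaration in the first hunk, `unsigned int is_encr = 0, is_sign = 0, is_cert = 0;`, rather than by the separate chained assignment.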