mirror of git://git.gnupg.org/gnupg.git synced 2024-09-19 14:41:41 +02:00

sm: Emit user IDs in colon mode even if the Subject is empty.

* sm/keylist.c (list_cert_colon): Rework listing of user IDs.
--

Only in colon mode this did not work.  Note that an updated libksba is
anyway required to parse a certificate with an empty Subject.

GnuPG-bug-id: 7171
Werner Koch 2024-06-21 10:19:00 +02:00
parent 9bc3f2ad52
commit 1067e544c2
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 35 additions and 21 deletions


@ -271,7 +271,10 @@ described here.
The origin of the key or the user ID. This is an integer The origin of the key or the user ID. This is an integer
optionally followed by a space and an URL. This goes along with optionally followed by a space and an URL. This goes along with
the previous field. The URL is quoted in C style. the previous field. The URL is quoted in C style. Note that the
origin is stored for a user ID as well as for the entire key. The
latter solves the cases where a key is updated by fingerprint and
and thus there is no way to know which user ID shall be used.
*** Field 21 - Comment *** Field 21 - Comment


@ -660,25 +660,20 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
print_key_data (cert, fp); print_key_data (cert, fp);
kludge_uid = NULL; kludge_uid = NULL;
for (idx=0; (p = ksba_cert_get_subject (cert,idx)); idx++) p = ksba_cert_get_subject (cert, 0);
{
/* In the case that the same email address is in the subject DN
as well as in an alternate subject name we avoid printing it
a second time. */
if (kludge_uid && !strcmp (kludge_uid, p))
continue;
es_fprintf (fp, "uid:%s::::::::", truststring); es_fprintf (fp, "uid:%s::::::::", truststring);
if (p)
es_write_sanitized (fp, p, strlen (p), ":", NULL); es_write_sanitized (fp, p, strlen (p), ":", NULL);
es_putc (':', fp); es_putc (':', fp);
es_putc (':', fp); es_putc (':', fp);
es_putc (':', fp);
es_putc ('\n', fp); es_putc ('\n', fp);
if (!idx) if (p)
{ {
/* It would be better to get the faked email address from /* It would be better to get the faked email address from the
the keydb. But as long as we don't have a way to pass * keydb. But as long as we don't have a way to pass the meta
the meta data back, we just check it the same way as the * data back, we just check it the same way as the code used to
code used to create the keybox meta data does */ * create the keybox meta data does */
kludge_uid = email_kludge (p); kludge_uid = email_kludge (p);
if (kludge_uid) if (kludge_uid)
{ {
@ -689,7 +684,23 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
es_putc (':', fp); es_putc (':', fp);
es_putc ('\n', fp); es_putc ('\n', fp);
} }
xfree (p);
} }
for (idx=1; (p = ksba_cert_get_subject (cert,idx)); idx++)
{
/* In the case that the same email address is in the subject DN
as well as in an alternate subject name we avoid printing it
a second time. */
if (kludge_uid && !strcmp (kludge_uid, p))
{
xfree (p);
continue;
}
es_fprintf (fp, "uid:%s::::::::", truststring);
es_write_sanitized (fp, p, strlen (p), ":", NULL);
es_putc (':', fp);
es_putc (':', fp);
es_putc ('\n', fp);
xfree (p); xfree (p);
} }
xfree (kludge_uid); xfree (kludge_uid);
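Review bot: The first `uid` record is now written unconditionally in the first hunk, so when `ksba_cert_get_subject (cert, 0)` returns NULL the listing starts with a `uid` line whose user-ID field is empty, and nothing in the code says that this placeholder is deliberate. Colon output is parsed by other programs, and a consumer that takes the first `uid` as the certificate's identity will now receive an empty string. A comment above the `es_fprintf` would make the contract explicit, for example `/* The first uid record always carries the Subject DN; it is emitted with an empty field for a certificate without a Subject. */`, assuming that is the intent. Whether a NULL return at index 0 can also mean a parse or allocation failure rather than an empty Subject is not visible here and is worth confirming, since both cases now produce the same record. list_cert_colon begins and ends outside the shown hunks.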