sm: Emit user IDs in colon mode even if the Subject is empty.

* sm/keylist.c (list_cert_colon): Rework listing of user IDs. -- Only in colon mode this did not work. Note that an updated libksba is anyway required to parse a certificate with an empty Subject. GnuPG-bug-id: 7171
2024-09-19 14:41:41 +02:00 · 2024-06-21 10:19:00 +02:00 · 2024-06-21 10:19:00 +02:00 · 1067e544c2
commit 1067e544c2
parent 9bc3f2ad52
2 changed files with 35 additions and 21 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -271,7 +271,10 @@ described here.

    The origin of the key or the user ID.  This is an integer
    optionally followed by a space and an URL.  This goes along with
-    the previous field.  The URL is quoted in C style.
+    the previous field.  The URL is quoted in C style.  Note that the
+    origin is stored for a user ID as well as for the entire key.  The
+    latter solves the cases where a key is updated by fingerprint and
+    and thus there is no way to know which user ID shall be used.

 *** Field 21 - Comment

--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -660,25 +660,20 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
    print_key_data (cert, fp);

  kludge_uid = NULL;
-  for (idx=0; (p = ksba_cert_get_subject (cert,idx)); idx++)
-    {
-      /* In the case that the same email address is in the subject DN
-         as well as in an alternate subject name we avoid printing it
-         a second time. */
-      if (kludge_uid && !strcmp (kludge_uid, p))
-        continue;
-
+  p = ksba_cert_get_subject (cert, 0);
  es_fprintf (fp, "uid:%s::::::::", truststring);
+  if (p)
    es_write_sanitized (fp, p, strlen (p), ":", NULL);
  es_putc (':', fp);
  es_putc (':', fp);
+  es_putc (':', fp);
  es_putc ('\n', fp);
-      if (!idx)
+  if (p)
    {
-          /* It would be better to get the faked email address from
-             the keydb.  But as long as we don't have a way to pass
-             the meta data back, we just check it the same way as the
-             code used to create the keybox meta data does */
+      /* It would be better to get the faked email address from the
+       * keydb.  But as long as we don't have a way to pass the meta
+       * data back, we just check it the same way as the code used to
+       * create the keybox meta data does */
      kludge_uid = email_kludge (p);
      if (kludge_uid)
        {
@ -689,7 +684,23 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
          es_putc (':', fp);
          es_putc ('\n', fp);
        }
+      xfree (p);
    }
+  for (idx=1; (p = ksba_cert_get_subject (cert,idx)); idx++)
+    {
+      /* In the case that the same email address is in the subject DN
+         as well as in an alternate subject name we avoid printing it
+         a second time. */
+      if (kludge_uid && !strcmp (kludge_uid, p))
+        {
+          xfree (p);
+          continue;
+        }
+      es_fprintf (fp, "uid:%s::::::::", truststring);
+      es_write_sanitized (fp, p, strlen (p), ":", NULL);
+      es_putc (':', fp);
+      es_putc (':', fp);
+      es_putc ('\n', fp);
      xfree (p);
    }
  xfree (kludge_uid);