sm: Emit user IDs in colon mode even if the Subject is empty.

* sm/keylist.c (list_cert_colon): Rework listing of user IDs. -- Only in colon mode this did not work. Note that an updated libksba is anyway required to parse a certificate with an empty Subject. GnuPG-bug-id: 7171 (cherry picked from commit 1067e544c2)
2024-11-10 21:38:50 +01:00 · 2024-06-21 10:19:00 +02:00 · 2024-06-21 10:19:00 +02:00 · 3765b42383
commit 3765b42383
parent dc9a52cb4e
2 changed files with 35 additions and 21 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -268,7 +268,10 @@ described here.

    The origin of the key or the user ID.  This is an integer
    optionally followed by a space and an URL.  This goes along with
-    the previous field.  The URL is quoted in C style.
+    the previous field.  The URL is quoted in C style.  Note that the
+    origin is stored for a user ID as well as for the entire key.  The
+    latter solves the cases where a key is updated by fingerprint and
+    and thus there is no way to know which user ID shall be used.

 *** Field 21 - Comment

--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -660,36 +660,47 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
    print_key_data (cert, fp);

  kludge_uid = NULL;
-  for (idx=0; (p = ksba_cert_get_subject (cert,idx)); idx++)
+  p = ksba_cert_get_subject (cert, 0);
+  es_fprintf (fp, "uid:%s::::::::", truststring);
+  if (p)
+    es_write_sanitized (fp, p, strlen (p), ":", NULL);
+  es_putc (':', fp);
+  es_putc (':', fp);
+  es_putc (':', fp);
+  es_putc ('\n', fp);
+  if (p)
+    {
+      /* It would be better to get the faked email address from the
+       * keydb.  But as long as we don't have a way to pass the meta
+       * data back, we just check it the same way as the code used to
+       * create the keybox meta data does */
+      kludge_uid = email_kludge (p);
+      if (kludge_uid)
+        {
+          es_fprintf (fp, "uid:%s::::::::", truststring);
+          es_write_sanitized (fp, kludge_uid, strlen (kludge_uid),
+                              ":", NULL);
+          es_putc (':', fp);
+          es_putc (':', fp);
+          es_putc ('\n', fp);
+        }
+      xfree (p);
+    }
+  for (idx=1; (p = ksba_cert_get_subject (cert,idx)); idx++)
    {
      /* In the case that the same email address is in the subject DN
         as well as in an alternate subject name we avoid printing it
         a second time. */
      if (kludge_uid && !strcmp (kludge_uid, p))
-        continue;
-
+        {
+          xfree (p);
+          continue;
+        }
      es_fprintf (fp, "uid:%s::::::::", truststring);
      es_write_sanitized (fp, p, strlen (p), ":", NULL);
      es_putc (':', fp);
      es_putc (':', fp);
      es_putc ('\n', fp);
-      if (!idx)
-        {
-          /* It would be better to get the faked email address from
-             the keydb.  But as long as we don't have a way to pass
-             the meta data back, we just check it the same way as the
-             code used to create the keybox meta data does */
-          kludge_uid = email_kludge (p);
-          if (kludge_uid)
-            {
-              es_fprintf (fp, "uid:%s::::::::", truststring);
-              es_write_sanitized (fp, kludge_uid, strlen (kludge_uid),
-                                  ":", NULL);
-              es_putc (':', fp);
-              es_putc (':', fp);
-              es_putc ('\n', fp);
-            }
-        }
      xfree (p);
    }
  xfree (kludge_uid);