* certlist.c (gpgsm_add_to_certlist): Fixed locating of a

certificate with the required key usage. * gpgsm.c (main): Fixed a segv when using --outfile without an argument. * keylist.c (print_capabilities): Also check for non-repudiation and data encipherment. * certlist.c (cert_usage_p): Test for signing and encryption was swapped. Add a case for certification usage, handle non-repudiation and data encipherment. (gpgsm_cert_use_cert_p): New. (gpgsm_add_to_certlist): Added a CTRL argument and changed all callers to pass it. * certpath.c (gpgsm_validate_path): Use it here to print a status message. Added a CTRL argument and changed all callers to pass it. * decrypt.c (gpgsm_decrypt): Print a status message for wrong key usage. * verify.c (gpgsm_verify): Ditto. * keydb.c (classify_user_id): Allow a colon delimited fingerprint.
2025-07-03 22:56:33 +02:00 · 2002-06-20 10:43:02 +00:00 · 2002-06-20 10:43:02 +00:00 · 42cf865350
commit 42cf865350
parent 52146943d1
12 changed files with 176 additions and 36 deletions
--- a/sm/verify.c
+++ b/sm/verify.c
@ -389,10 +389,17 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
          gpgsm_status (ctrl, STATUS_BADSIG, NULL);
          goto next_signer;
        }
-      gpgsm_cert_use_verify_p (cert); /* this displays an info message */
+      rc = gpgsm_cert_use_verify_p (cert); /*(this displays an info message)*/
+      if (rc)
+        {
+          gpgsm_status2 (ctrl, STATUS_ERROR, "verify.keyusage",
+                         gnupg_error_token (rc), NULL);
+          rc = 0;
+        }
+
      if (DBG_X509)
        log_debug ("signature okay - checking certs\n");
-      rc = gpgsm_validate_path (cert, &keyexptime);
+      rc = gpgsm_validate_path (ctrl, cert, &keyexptime);
      if (rc == GNUPG_Certificate_Expired)
        {
          gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL);