gpgsm: Fix colon outout of ECC encryption certificates

* sm/keylist.c (print_capabilities): Add arg algo and use it to check for ECC capabilities. (list_cert_colon): Call with algo. -- This will mark certificates with only keyAgreement usage correctly in the --with-colons listing. (cherry picked from commit f5c3f13609)
2024-06-04 22:57:47 +02:00 · 2022-11-15 16:31:46 +01:00 · 2022-11-15 16:31:46 +01:00 · 4f43b6fdae
commit 4f43b6fdae
parent 8a9a473564
1 changed files with 3 additions and 3 deletions
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -247,7 +247,7 @@ print_key_data (ksba_cert_t cert, estream_t fp)
 }

 static void
-print_capabilities (ksba_cert_t cert, estream_t fp)
+print_capabilities (ksba_cert_t cert, int algo, estream_t fp)
 {
  gpg_error_t err;
  unsigned int use;
@ -299,7 +299,7 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
  /* We need to returned the faked key usage to frontends so that they
   * can select the right key.  Note that we don't do this for the
   * human readable keyUsage.  */
-  if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
+  if ((algo == GCRY_PK_ECC || (opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR))
      && (use & KSBA_KEYUSAGE_KEY_AGREEMENT))
    is_encr = 1;

@ -539,7 +539,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
  /* Field 11, signature class - not used */
  es_putc (':', fp);
  /* Field 12, capabilities: */
-  print_capabilities (cert, fp);
+  print_capabilities (cert, algo, fp);
  es_putc (':', fp);
  /* Field 13, not used: */
  es_putc (':', fp);