(list_cert_colon): Hack to set the expired flag.

sm/ChangeLog

@@ -1,3 +1,13 @@
+2004-03-15  Werner Koch  <wk@gnupg.org>
+
+	* keylist.c (list_cert_colon): Hack to set the expired flag.
+
+2004-03-09  Werner Koch  <wk@gnupg.org>
+
+	* gpgsm.c (main): Correctly intitialze USE_OCSP flag.
+
+	* keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/
+
 2004-03-04  Werner Koch  <wk@gnupg.org>
 
 	* call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT.

sm/gpgsm.c

@@ -932,10 +932,10 @@ main ( int argc, char **argv)
           break;
 
         case oDisableOCSP:
-          opt.enable_ocsp = 0;
+          ctrl.use_ocsp = opt.enable_ocsp = 0;
           break;
         case oEnableOCSP:
-          opt.enable_ocsp = 1;
+          ctrl.use_ocsp = opt.enable_ocsp = 1;
           break;
 
         case oIncludeCerts: ctrl.include_certs = pargs.r.ret_int; break;

sm/keydb.c

@@ -630,7 +630,7 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
 /* Set a flag of the last found object. WHICH is the flag to be set; it
    should be one of the KEYBOX_FLAG_ values.  If the operation is
    successful, the flag value will be stored in the keybox.  Note,
-   that some flag values can't be updated and thus may retrun an
+   that some flag values can't be updated and thus may return an
    error, some other flag values may be masked out before an update.
    Returns 0 on success or an error code. */
 gpg_error_t
@@ -760,7 +760,7 @@ keydb_delete (KEYDB_HANDLE hd)
     return 0;
 
   if (!hd->locked)
-    return gpg_error (GPG_ERR_CONFLICT); /* ...NOT_LOCKED would be better. */
+    return gpg_error (GPG_ERR_NOT_LOCKED); 
 
   switch (hd->active[hd->found].type)
     {

sm/keylist.c

@@ -196,6 +196,19 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
     *truststring = 'e';
   else if (valerr)
     *truststring = 'i';
+  else 
+    {
+      /* Lets also check whether the certificate under question
+         expired.  This is merely a hack until we found a proper way
+         to store the expiration flag in the keybox. */
+      ksba_isotime_t current_time, not_after;
+  
+      gnupg_get_isotime (current_time);
+      if (!opt.ignore_expiration
+          && !ksba_cert_get_validity (cert, 1, not_after)
+          && *not_after && strcmp (current_time, not_after) > 0 )
+        *truststring = 'e';
+    }
   
   if (*truststring)
     fputs (truststring, fp);
@@ -206,14 +219,14 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
            /* pubkey_algo_of_cert (cert)*/1,
            fpr+24);
 
-  /* we assume --fixed-list-mode for gpgsm */
+  /* We assume --fixed-list-mode for gpgsm */
   ksba_cert_get_validity (cert, 0, t);
   print_time (t, fp);
   putc (':', fp);
   ksba_cert_get_validity (cert, 1, t);
   print_time ( t, fp);
   putc (':', fp);
-  /* field 8, serial number: */
+  /* Field 8, serial number: */
   if ((sexp = ksba_cert_get_serial (cert)))
     {
       int len;
@@ -231,7 +244,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
       xfree (sexp);
     }
   putc (':', fp);
-  /* field 9, ownertrust - not used here */
+  /* Field 9, ownertrust - not used here */
   putc (':', fp);
   /* field 10, old user ID - we use it here for the issuer DN */
   if ((p = ksba_cert_get_issuer (cert,0)))
@@ -240,16 +253,16 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
       xfree (p);
     }
   putc (':', fp);
-  /* field 11, signature class - not used */ 
+  /* Field 11, signature class - not used */ 
   putc (':', fp);
-  /* field 12, capabilities: */ 
+  /* Field 12, capabilities: */ 
   print_capabilities (cert, fp);
   putc (':', fp);
   putc ('\n', fp);
 
   /* FPR record */
   fprintf (fp, "fpr:::::::::%s:::", fpr);
-  /* print chaining ID (field 13)*/
+  /* Print chaining ID (field 13)*/
   {
     ksba_cert_t next;
     int rc;