diff --git a/sm/ChangeLog b/sm/ChangeLog index eb1c608dc..18431c11c 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,13 @@ +2004-03-15 Werner Koch + + * keylist.c (list_cert_colon): Hack to set the expired flag. + +2004-03-09 Werner Koch + + * gpgsm.c (main): Correctly intitialze USE_OCSP flag. + + * keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/ + 2004-03-04 Werner Koch * call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT. diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 6f3e62a33..ca7fbfcca 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -932,10 +932,10 @@ main ( int argc, char **argv) break; case oDisableOCSP: - opt.enable_ocsp = 0; + ctrl.use_ocsp = opt.enable_ocsp = 0; break; case oEnableOCSP: - opt.enable_ocsp = 1; + ctrl.use_ocsp = opt.enable_ocsp = 1; break; case oIncludeCerts: ctrl.include_certs = pargs.r.ret_int; break; diff --git a/sm/keydb.c b/sm/keydb.c index ab30ba15d..858baf242 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -630,7 +630,7 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value) /* Set a flag of the last found object. WHICH is the flag to be set; it should be one of the KEYBOX_FLAG_ values. If the operation is successful, the flag value will be stored in the keybox. Note, - that some flag values can't be updated and thus may retrun an + that some flag values can't be updated and thus may return an error, some other flag values may be masked out before an update. Returns 0 on success or an error code. */ gpg_error_t @@ -760,7 +760,7 @@ keydb_delete (KEYDB_HANDLE hd) return 0; if (!hd->locked) - return gpg_error (GPG_ERR_CONFLICT); /* ...NOT_LOCKED would be better. */ + return gpg_error (GPG_ERR_NOT_LOCKED); switch (hd->active[hd->found].type) { diff --git a/sm/keylist.c b/sm/keylist.c index 6d48068b0..80cc675db 100644 --- a/sm/keylist.c +++ b/sm/keylist.c 
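Review bot: The chained assignments under `case oDisableOCSP:` and `case oEnableOCSP:` update only the `ctrl` object that `main` parses options into, so `ctrl.use_ocsp` and `opt.enable_ocsp` can still drift apart wherever another control structure is initialised. That code is not visible in this hunk and is worth checking, since a session left with `use_ocsp` at 0 would presumably skip the OCSP revocation check without any message. A short comment at the first assignment would record the intent, e.g. `/* Keep the per-session flag in step with the global option. */`. `main` starts before and continues after the hunk.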
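Review bot: Returning `GPG_ERR_NOT_LOCKED` from the `if (!hd->locked)` guard changes what callers of `keydb_delete` observe. Any caller that tested for `GPG_ERR_CONFLICT` to detect the missing lock needs the same update, and no callers appear in this diff. The function's header comment, which lies outside the hunk, is the place to state the contract, e.g. `Returns GPG_ERR_NOT_LOCKED if the handle does not hold the keydb lock.` `keydb_delete` begins before and ends after the hunk.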
@@ -196,6 +196,19 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, *truststring = 'e'; else if (valerr) *truststring = 'i'; + else + { + /* Lets also check whether the certificate under question + expired. This is merely a hack until we found a proper way + to store the expiration flag in the keybox. */ + ksba_isotime_t current_time, not_after; + + gnupg_get_isotime (current_time); + if (!opt.ignore_expiration + && !ksba_cert_get_validity (cert, 1, not_after) + && *not_after && strcmp (current_time, not_after) > 0 ) + *truststring = 'e'; + } if (*truststring) fputs (truststring, fp); @@ -206,14 +219,14 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, /* pubkey_algo_of_cert (cert)*/1, fpr+24); - /* we assume --fixed-list-mode for gpgsm */ + /* We assume --fixed-list-mode for gpgsm */ ksba_cert_get_validity (cert, 0, t); print_time (t, fp); putc (':', fp); ksba_cert_get_validity (cert, 1, t); print_time ( t, fp); putc (':', fp); - /* field 8, serial number: */ + /* Field 8, serial number: */ if ((sexp = ksba_cert_get_serial (cert))) { int len; @@ -231,7 +244,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, xfree (sexp); } putc (':', fp); - /* field 9, ownertrust - not used here */ + /* Field 9, ownertrust - not used here */ putc (':', fp); /* field 10, old user ID - we use it here for the issuer DN */ if ((p = ksba_cert_get_issuer (cert,0))) @@ -240,16 +253,16 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, xfree (p); } putc (':', fp); - /* field 11, signature class - not used */ + /* Field 11, signature class - not used */ putc (':', fp); - /* field 12, capabilities: */ + /* Field 12, capabilities: */ print_capabilities (cert, fp); putc (':', fp); putc ('\n', fp); /* FPR record */ fprintf (fp, "fpr:::::::::%s:::", fpr); - /* print chaining ID (field 13)*/ + /* Print chaining ID (field 13)*/ { ksba_cert_t next; int rc;
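Review bot: In the added `else` block of the first keylist.c hunk, a failing `ksba_cert_get_validity (cert, 1, not_after)` is treated the same as "not expired", because its non-zero result only short-circuits the `&&` chain. As far as the hunk shows, `truststring` then stays empty and the certificate is listed with no validity flag at all. Consumers of the colon listing may rely on that field to decide whether a certificate is usable, so the error is better handled on its own, for example by keeping the return value in a local and setting `*truststring = 'i';` when it is non-zero. The block also looks only at notAfter, so a certificate whose notBefore lies in the future is not flagged here, and `opt.ignore_expiration` now hides the `e` flag in listings as well. `list_cert_colon` starts before this hunk and continues after it.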