gpgsm: Set validity flag in keylisting to n for untrusted root cert.

* sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root certs like we do for root certs. -- GnuPG-bug-id: 6841
2023-11-27 12:34:38 +01:00 · 2023-11-27 12:34:38 +01:00 · 73aa6dc6e4
parent 4c456bf075
commit 73aa6dc6e4
1 changed files with 2 additions and 0 deletions
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -532,6 +532,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
        {
          if (gpgsm_cert_has_well_known_private_key (cert))
            *truststring = 'w';  /* Well, this is dummy CA.  */
+          else if (gpg_err_code (valerr) == GPG_ERR_NOT_TRUSTED)
+            *truststring = 'n';  /* Likely the root cert is not trusted.  */
          else
            *truststring = 'i';
        }