From a6eefa99963adb27337f7ae0a4707be592526161 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 27 Nov 2023 12:34:38 +0100
Subject: [PATCH] gpgsm: Set validity flag in keylisting to n for untrusted
 root cert.

* sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root
certs like we do for root certs.
--

GnuPG-bug-id: 6841
---
 sm/keylist.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sm/keylist.c b/sm/keylist.c
index bac973984..4e2d99920 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -472,6 +472,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
         {
           if (gpgsm_cert_has_well_known_private_key (cert))
             *truststring = 'w';  /* Well, this is dummy CA.  */
+          else if (gpg_err_code (valerr) == GPG_ERR_NOT_TRUSTED)
+            *truststring = 'n';  /* Likely the root cert is not trusted.  */
           else
             *truststring = 'i';
         }