gpgsm: Print revocation date and reason in cert listings.

* dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and r_revocation_reason. * dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status. (cmd_checkocsp): Ditto. * sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields. (isvalid_status_cb): Parse REVOCATIONINFO. (gpgsm_dirmngr_isvalid): Add args r_revoked_at and r_revocation_reason. * sm/gpgsm.h (struct server_control_s): Add fields revoked_art and revocation_reason. * sm/keylist.c (list_cert_raw): Print revocation date. (list_cert_std): Ditto. -- Note that for now we do this only for OCSP because it is an important piece of information when using the chain model. For a sample key see commit 7fa1d3cc82.
2025-07-03 22:56:33 +02:00 · 2022-12-05 16:42:08 +01:00 · 2022-12-05 16:42:08 +01:00 · b6abaed2b5
commit b6abaed2b5
parent 4f1b9e3abb
8 changed files with 158 additions and 28 deletions
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -1193,6 +1193,8 @@ is_cert_still_valid (ctrl_t ctrl, int chain_model, int lm, estream_t fp,
                     int *any_revoked, int *any_no_crl, int *any_crl_too_old)
 {
  gpg_error_t err;
+  gnupg_isotime_t revoked_at;
+  char *reason;

  if (ctrl->offline || (opt.no_crl_check && !ctrl->use_ocsp))
    {
@ -1221,7 +1223,20 @@ is_cert_still_valid (ctrl_t ctrl, int chain_model, int lm, estream_t fp,

  err = gpgsm_dirmngr_isvalid (ctrl,
                               subject_cert, issuer_cert,
-                               chain_model? 2 : !!ctrl->use_ocsp);
+                               chain_model? 2 : !!ctrl->use_ocsp,
+                               revoked_at, &reason);
+  if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED)
+    {
+      gnupg_copy_time (ctrl->revoked_at, revoked_at);
+      xfree (ctrl->revocation_reason);
+      ctrl->revocation_reason = reason;
+      reason = NULL;
+    }
+  else
+    {
+      xfree (reason);
+      reason = (NULL);
+    }
  audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);

  if (err)