security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpgsm: Print revocation date and reason in cert listings.

Browse source 
* dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and
r_revocation_reason.
* dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status.
(cmd_checkocsp): Ditto.

* sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields.
(isvalid_status_cb): Parse REVOCATIONINFO.
(gpgsm_dirmngr_isvalid): Add args r_revoked_at and
r_revocation_reason.

* sm/gpgsm.h (struct server_control_s): Add fields revoked_art and
revocation_reason.
* sm/keylist.c (list_cert_raw): Print revocation date.
(list_cert_std): Ditto.
--

Note that for now we do this only for OCSP because it is an important
piece of information when using the chain model.  For a sample key see
commit 7fa1d3cc82.
This commit is contained in:
Werner Koch 2022-12-05 16:42:08 +01:00
parent 4f1b9e3abb
commit b6abaed2b5
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
8 changed files with 158 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

18
sm/keylist.c
View file

@ -1201,6 +1201,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
{
err = gpgsm_validate_chain (ctrl, cert,
GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
&& !check_isotime (ctrl->revoked_at))
{
es_fputs (" revoked: ", fp);
gpgsm_print_time (fp, ctrl->revoked_at);
if (ctrl->revocation_reason)
es_fprintf (fp, " (%s)", ctrl->revocation_reason);
es_putc ('\n', fp);
}
if (!err)
es_fprintf (fp, " [certificate is good]\n");
else
@ -1451,6 +1460,15 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
err = gpgsm_validate_chain (ctrl, cert,
GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
&& !check_isotime (ctrl->revoked_at))
{
es_fputs (" revoked: ", fp);
gpgsm_print_time (fp, ctrl->revoked_at);
if (ctrl->revocation_reason)
es_fprintf (fp, " (%s)", ctrl->revocation_reason);
es_putc ('\n', fp);
}
tmperr = ksba_cert_get_user_data (cert, "is_qualified",
&buffer, sizeof (buffer), &buflen);
if (!tmperr && buflen)