gpgsm: Also announce AES256-CBC in signatures.

* sm/sign.c (gpgsm_sign): Add new capability. -- It might be better to have this. No concrete bug report, though.
2022-10-28 15:21:26 +02:00 · 2022-10-28 15:21:26 +02:00 · b71a14238d
parent 0ef54e644f
commit b71a14238d
1 changed files with 10 additions and 7 deletions
--- a/sm/sign.c
+++ b/sm/sign.c
@ -774,13 +774,16 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,


  /* We need to write at least a minimal list of our capabilities to
-     try to convince some MUAs to use 3DES and not the crippled
-     RC2. Our list is:
-
-        aes128-CBC
-        des-EDE3-CBC
-  */
-  err = ksba_cms_add_smime_capability (cms, "2.16.840.1.101.3.4.1.2", NULL, 0);
+   * try to convince some MUAs to use 3DES and not the crippled
+   * RC2. Our list is:
+   *
+   *   aes256-CBC
+   *   aes128-CBC
+   *   des-EDE3-CBC
+   */
+  err = ksba_cms_add_smime_capability (cms, "2.16.840.1.101.3.4.1.42", NULL,0);
+  if (!err)
+    err = ksba_cms_add_smime_capability (cms, "2.16.840.1.101.3.4.1.2", NULL,0);
  if (!err)
    err = ksba_cms_add_smime_capability (cms, "1.2.840.113549.3.7", NULL, 0);
  if (err)