From b71a14238dd2e2a62111cba492a494f562da3f6c Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 28 Oct 2022 15:21:26 +0200
Subject: [PATCH] gpgsm: Also announce AES256-CBC in signatures.

* sm/sign.c (gpgsm_sign): Add new capability.
--

It might be better to have this.  No concrete bug report, though.
---
 sm/sign.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/sm/sign.c b/sm/sign.c
index 943589f5c..9290fc17b 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -774,13 +774,16 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
 
 
   /* We need to write at least a minimal list of our capabilities to
-     try to convince some MUAs to use 3DES and not the crippled
-     RC2. Our list is:
-
-        aes128-CBC
-        des-EDE3-CBC
-  */
-  err = ksba_cms_add_smime_capability (cms, "2.16.840.1.101.3.4.1.2", NULL, 0);
+   * try to convince some MUAs to use 3DES and not the crippled
+   * RC2. Our list is:
+   *
+   *   aes256-CBC
+   *   aes128-CBC
+   *   des-EDE3-CBC
+   */
+  err = ksba_cms_add_smime_capability (cms, "2.16.840.1.101.3.4.1.42", NULL,0);
+  if (!err)
+    err = ksba_cms_add_smime_capability (cms, "2.16.840.1.101.3.4.1.2", NULL,0);
   if (!err)
     err = ksba_cms_add_smime_capability (cms, "1.2.840.113549.3.7", NULL, 0);
   if (err)