(show_key_with_all_names): Print the card S/N.

* app-openpgp.c (app_select_openpgp): Its app_munge_serialno and not app_number_serialno.
2025-01-02 12:01:32 +01:00 · 2004-09-20 18:47:11 +00:00 · 2004-09-20 18:47:11 +00:00 · f100401478
commit f100401478
parent 9ec1437772
6 changed files with 49 additions and 4 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,7 @@
+2004-09-20  Werner Koch  <wk@g10code.com>
+
+	* keyedit.c (show_key_with_all_names): Print the card S/N.
+
 2004-09-11  Moritz Schulte  <moritz@g10code.com>

 	* openfile.c (copy_options_file): Fixed last commit (added a `+').
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -2121,6 +2121,27 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
 			  datestr_from_sk(sk),
 			  expirestr_from_sk(sk) );
 	    tty_printf("\n");
+            if (sk->is_protected && sk->protect.s2k.mode == 1002)
+              {
+		tty_printf("                     ");
+                tty_printf(_("card-no: ")); 
+                if (sk->protect.ivlen == 16
+                    && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+                  { /* This is an OpenPGP card. */
+                    for (i=8; i < 14; i++)
+                      {
+                        if (i == 10)
+                          tty_printf (" ");
+                        tty_printf ("%02X", sk->protect.iv[i]);
+                      }
+                  }
+                else
+                  { /* Something is wrong: Print all. */
+                    for (i=0; i < sk->protect.ivlen; i++)
+                      tty_printf ("%02X", sk->protect.iv[i]);
+                  }
+                tty_printf ("\n");
+              }
 	}
 	else if( with_subkeys && node->pkt->pkttype == PKT_SIGNATURE
 		 && node->pkt->pkt.signature->sig_class == 0x28       ) {
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@ -1,3 +1,8 @@
+2004-09-11  Werner Koch  <wk@g10code.com>
+
+	* app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
+	not app_number_serialno.
+
 2004-08-20  Werner Koch  <wk@g10code.de>

 	* app.c (select_application): Fixed serial number extraction and
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -1397,7 +1397,7 @@ app_select_openpgp (APP app)
 #if GNUPG_MAJOR_VERSION != 1
      /* A valid OpenPGP card should never need this but well the test
         is cheap. */
-      rc = app_number_serialno (app);
+      rc = app_munge_serialno (app);
      if (rc)
        goto leave;
 #endif
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,9 @@
+2004-09-14  Werner Koch  <wk@g10code.com>
+
+	* certchain.c (gpgsm_validate_chain): Give expired certificates a
+	higher error precedence and don't bother to check any CRL in that
+	case.
+
 2004-08-24  Werner Koch  <wk@g10code.de>

 	* certlist.c: Fixed typo in ocsp OID.
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -672,7 +672,12 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
          else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
            {
              do_list (0, lm, fp, _("root certificate is not marked trusted"));
-              if (!lm)
+              /* If we already figured out that the certificate is
+                 expired it does not make much sense to ask the user
+                 whether we wants to trust the root certificate.  He
+                 should do this only if the certificate under question
+                 will then be usable. */
+              if (!lm && !any_expired)
                {
                  int rc2;
                  char *fpr = gpgsm_get_fingerprint_string (subject_cert,
@ -707,6 +712,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
          /* Check for revocations etc. */
          if ((flags & 1))
            rc = 0;
+          else if (any_expired)
+            ; /* Don't bother to run the expensive CRL check then. */
          else
            rc = is_cert_still_valid (ctrl, lm, fp,
                                      subject_cert, subject_cert,
@ -835,6 +842,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
      /* Check for revocations etc. */
      if ((flags & 1))
        rc = 0;
+      else if (any_expired)
+        ; /* Don't bother to run the expensive CRL check then. */
      else
        rc = is_cert_still_valid (ctrl, lm, fp,
                                  subject_cert, issuer_cert,
@ -866,14 +875,14 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
         the error code to the most critical one */
      if (any_revoked)
        rc = gpg_error (GPG_ERR_CERT_REVOKED);
+      else if (any_expired)
+        rc = gpg_error (GPG_ERR_CERT_EXPIRED);
      else if (any_no_crl)
        rc = gpg_error (GPG_ERR_NO_CRL_KNOWN);
      else if (any_crl_too_old)
        rc = gpg_error (GPG_ERR_CRL_TOO_OLD);
      else if (any_no_policy_match)
        rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
-      else if (any_expired)
-        rc = gpg_error (GPG_ERR_CERT_EXPIRED);
    }
  
 leave: