gpgsm: Fix colon outout of ECC encryption certificates

* sm/keylist.c (print_capabilities): Add arg algo and use it to check for ECC capabilities. (list_cert_colon): Call with algo. -- This will mark certificates with only keyAgreement usage correctly in the --with-colons listing.
2022-11-15 16:31:46 +01:00 · 2022-11-15 16:31:46 +01:00 · f5c3f13609
parent 2c4757352d
commit f5c3f13609
1 changed files with 3 additions and 3 deletions
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -300,7 +300,7 @@ print_pk_screening (ksba_cert_t cert, int colon_mode, estream_t fp)


 static void
-print_capabilities (ksba_cert_t cert, estream_t fp)
+print_capabilities (ksba_cert_t cert, int algo, estream_t fp)
 {
  gpg_error_t err;
  unsigned int use;
@ -352,7 +352,7 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
  /* We need to returned the faked key usage to frontends so that they
   * can select the right key.  Note that we don't do this for the
   * human readable keyUsage.  */
-  if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
+  if ((algo == GCRY_PK_ECC || (opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR))
      && (use & KSBA_KEYUSAGE_KEY_AGREEMENT))
    is_encr = 1;

@ -599,7 +599,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
  /* Field 11, signature class - not used */
  es_putc (':', fp);
  /* Field 12, capabilities: */
-  print_capabilities (cert, fp);
+  print_capabilities (cert, algo, fp);
  es_putc (':', fp);
  /* Field 13, not used: */
  es_putc (':', fp);