mirror of git://git.gnupg.org/gnupg.git
be69bf0cbd
* sm/keylist.c (print_compliance_flags): Also check the digest_algo.
Add new arg 'cert'.
--
A certificate with algorithm sha1WithRSAEncryption can be de-vs
compliant (e.g. if the next in the chain used sha256WithRSAEncryption
to sign it and RSA is long enough) but flagging it as such is useless
because that certificate can't be used because it will create
signatures using the non-compliant SHA-1 algorithm.
Well, it could be used for encryption. But also evaluating the
key-usage flags here would make it harder for the user to understand
why certain certificates are listed as de-vs compliant and others are
not.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| ChangeLog-2011 | ||
| Makefile.am | ||
| call-agent.c | ||
| call-dirmngr.c | ||
| certchain.c | ||
| certcheck.c | ||
| certdump.c | ||
| certlist.c | ||
| certreqgen-ui.c | ||
| certreqgen.c | ||
| decrypt.c | ||
| delete.c | ||
| encrypt.c | ||
| export.c | ||
| fingerprint.c | ||
| gpgsm-w32info.rc | ||
| gpgsm.c | ||
| gpgsm.h | ||
| import.c | ||
| keydb.c | ||
| keydb.h | ||
| keylist.c | ||
| minip12.c | ||
| minip12.h | ||
| misc.c | ||
| passphrase.c | ||
| passphrase.h | ||
| qualified.c | ||
| server.c | ||
| sign.c | ||
| verify.c | ||