From 42cf865350db37e80ab923bdc53e041cf9487501 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 20 Jun 2002 10:43:02 +0000 Subject: * certlist.c (gpgsm_add_to_certlist): Fixed locating of a certificate with the required key usage. * gpgsm.c (main): Fixed a segv when using --outfile without an argument. * keylist.c (print_capabilities): Also check for non-repudiation and data encipherment. * certlist.c (cert_usage_p): Test for signing and encryption was swapped. Add a case for certification usage, handle non-repudiation and data encipherment. (gpgsm_cert_use_cert_p): New. (gpgsm_add_to_certlist): Added a CTRL argument and changed all callers to pass it. * certpath.c (gpgsm_validate_path): Use it here to print a status message. Added a CTRL argument and changed all callers to pass it. * decrypt.c (gpgsm_decrypt): Print a status message for wrong key usage. * verify.c (gpgsm_verify): Ditto. * keydb.c (classify_user_id): Allow a colon delimited fingerprint. --- sm/certpath.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'sm/certpath.c') diff --git a/sm/certpath.c b/sm/certpath.c index 0b2d8b4fc..01696fc27 100644 --- a/sm/certpath.c +++ b/sm/certpath.c @@ -308,7 +308,7 @@ gpgsm_is_root_cert (KsbaCert cert) /* Validate a path and optionally return the nearest expiration time in R_EXPTIME */ int -gpgsm_validate_path (KsbaCert cert, time_t *r_exptime) +gpgsm_validate_path (CTRL ctrl, KsbaCert cert, time_t *r_exptime) { int rc = 0, depth = 0, maxdepth; char *issuer = NULL; @@ -551,6 +551,14 @@ gpgsm_validate_path (KsbaCert cert, time_t *r_exptime) } } + rc = gpgsm_cert_use_cert_p (issuer_cert); + if (rc) + { + gpgsm_status2 (ctrl, STATUS_ERROR, "certpath.issuer.keyusage", + gnupg_error_token (rc), NULL); + rc = 0; + } + if (opt.verbose) log_info ("certificate is good\n"); -- cgit v1.2.3