From 4cf83273e84c19d0326c41ac45f6ee3b4526fc23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ram=C3=B3n=20Garc=C3=ADa?= <ramon.garcia.f@gmail.com>
Date: Tue, 18 Mar 2025 09:43:26 +0100
Subject: gpgsm: select unexpired certificates skipping expired ones

* sm/certchain.c (check_validity_period_cm):  Make function global.
* sm/certlist.c (gpgsm_add_to_certlist): If an expired certificate is
found, continue looking for another one.

--

This enables the user to select a certificate by subject, and keep
old expired certificates in the store in case he wishes to decrypt
or verify an old file. This makes renewal of certificate smoother.

Due to a broken patch I had to massage the patch and while doing this
also fixed the indentation and moved a declaration to the begin of a
block.  - wk@gnupg.org
---
 sm/gpgsm.h | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sm/gpgsm.h')

diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 4a4bd5ac4..c837cbee3 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -441,6 +441,11 @@ int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
                           ksba_isotime_t r_exptime,
                           int listmode, estream_t listfp,
                           unsigned int flags, unsigned int *retflags);
+gpg_error_t check_validity_period_cm (ksba_isotime_t current_time,
+                          ksba_isotime_t check_time,
+                          ksba_cert_t subject_cert,
+                          ksba_isotime_t exptime,
+                          int listmode, estream_t listfp, int depth);
 int gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert);
 
 /*-- certlist.c --*/
-- 
cgit v1.2.3