From 73aa6dc6e41f16fd0b4fdd52c4a01a9f29ab9fea Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 27 Nov 2023 12:34:38 +0100
Subject: gpgsm: Set validity flag in keylisting to n for untrusted root cert.

* sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root
certs like we do for root certs.
--

GnuPG-bug-id: 6841
---
 sm/keylist.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sm/keylist.c')

diff --git a/sm/keylist.c b/sm/keylist.c
index ed1b74729..47fe69f30 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -532,6 +532,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
         {
           if (gpgsm_cert_has_well_known_private_key (cert))
             *truststring = 'w';  /* Well, this is dummy CA.  */
+          else if (gpg_err_code (valerr) == GPG_ERR_NOT_TRUSTED)
+            *truststring = 'n';  /* Likely the root cert is not trusted.  */
           else
             *truststring = 'i';
         }
-- 
cgit v1.2.3