From b6abaed2b5f6a6e52069f370c61006abdc81cdf5 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 5 Dec 2022 16:42:08 +0100
Subject: gpgsm: Print revocation date and reason in cert listings.

* dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and
r_revocation_reason.
* dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status.
(cmd_checkocsp): Ditto.

* sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields.
(isvalid_status_cb): Parse REVOCATIONINFO.
(gpgsm_dirmngr_isvalid): Add args r_revoked_at and
r_revocation_reason.

* sm/gpgsm.h (struct server_control_s): Add fields revoked_art and
revocation_reason.
* sm/keylist.c (list_cert_raw): Print revocation date.
(list_cert_std): Ditto.
--

Note that for now we do this only for OCSP because it is an important
piece of information when using the chain model.  For a sample key see
commit 7fa1d3cc821dca1ea8e1c80a0bdd527177c185ee.
---
 sm/keylist.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'sm/keylist.c')

diff --git a/sm/keylist.c b/sm/keylist.c
index fb2c3bad5..fabd82224 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -1201,6 +1201,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
     {
       err = gpgsm_validate_chain (ctrl, cert,
                                   GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
+      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
+          && !check_isotime (ctrl->revoked_at))
+        {
+          es_fputs ("      revoked: ", fp);
+          gpgsm_print_time (fp, ctrl->revoked_at);
+          if (ctrl->revocation_reason)
+            es_fprintf (fp, " (%s)", ctrl->revocation_reason);
+          es_putc ('\n', fp);
+        }
       if (!err)
         es_fprintf (fp, "  [certificate is good]\n");
       else
@@ -1451,6 +1460,15 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
 
       err = gpgsm_validate_chain (ctrl, cert,
                                   GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
+      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
+          && !check_isotime (ctrl->revoked_at))
+        {
+          es_fputs ("      revoked: ", fp);
+          gpgsm_print_time (fp, ctrl->revoked_at);
+          if (ctrl->revocation_reason)
+            es_fprintf (fp, " (%s)", ctrl->revocation_reason);
+          es_putc ('\n', fp);
+        }
       tmperr = ksba_cert_get_user_data (cert, "is_qualified",
                                         &buffer, sizeof (buffer), &buflen);
       if (!tmperr && buflen)
-- 
cgit v1.2.3