author | Werner Koch <[email protected]> | 2022-12-05 15:42:08 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2022-12-05 15:42:08 +0000 |
commit | b6abaed2b5f6a6e52069f370c61006abdc81cdf5 (patch) | |
tree | 3aaca56d2678d54c1bc60b67c85602b44b5daf28 /sm/certchain.c | |
parent | gpgsm: Silence the "non-critical certificate policy not allowed". (diff) | |
gpgsm: Print revocation date and reason in cert listings.
* dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and
r_revocation_reason.
* dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status.
(cmd_checkocsp): Ditto.
* sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields.
(isvalid_status_cb): Parse REVOCATIONINFO.
(gpgsm_dirmngr_isvalid): Add args r_revoked_at and
r_revocation_reason.
* sm/gpgsm.h (struct server_control_s): Add fields revoked_at and
revocation_reason.
* sm/keylist.c (list_cert_raw): Print revocation date.
(list_cert_std): Ditto.
--
Note that for now we do this only for OCSP because it is an important
piece of information when using the chain model. For a sample key see
commit 7fa1d3cc821dca1ea8e1c80a0bdd527177c185ee.
Diffstat (limited to 'sm/certchain.c')
-rw-r--r-- | sm/certchain.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/sm/certchain.c b/sm/certchain.c
index efe8cb1d5..abce4c327 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -1193,6 +1193,8 @@ is_cert_still_valid (ctrl_t ctrl, int chain_model, int lm, estream_t fp,
 int *any_revoked, int *any_no_crl, int *any_crl_too_old)
 {
 gpg_error_t err;
+ gnupg_isotime_t revoked_at;
+ char *reason;
 if (ctrl->offline || (opt.no_crl_check && !ctrl->use_ocsp))
 {
@@ -1221,7 +1223,20 @@ is_cert_still_valid (ctrl_t ctrl, int chain_model, int lm, estream_t fp,
 err = gpgsm_dirmngr_isvalid (ctrl,
 subject_cert, issuer_cert,
- chain_model? 2 : !!ctrl->use_ocsp);
+ chain_model? 2 : !!ctrl->use_ocsp,
+ revoked_at, &reason);
+ if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED)
+ {
+ gnupg_copy_time (ctrl->revoked_at, revoked_at);
+ xfree (ctrl->revocation_reason);
+ ctrl->revocation_reason = reason;
+ reason = NULL;
+ }
+ else
+ {
+ xfree (reason);
+ reason = (NULL);
+ }
 audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);
 if (err) |
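Review bot: `char *reason;` in the first hunk has no initializer, yet the second hunk passes it to `xfree (reason)` on every non-revoked path. That is safe only if gpgsm_dirmngr_isvalid stores to the out-parameter on all of its return paths, early failures included; that function lives in sm/call-dirmngr.c and is not shown on this page. Declaring it as `char *reason = NULL;` removes the dependency, so a callee that bails out early cannot lead to freeing an indeterminate pointer. The parenthesised `reason = (NULL);` in the else branch would read better as plain `reason = NULL;`, matching the branch above. The body of is_cert_still_valid starts before and continues after both hunks.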
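Review bot: In the second hunk `ctrl->revoked_at` and `ctrl->revocation_reason` are written only when the result is GPG_ERR_CERT_REVOKED and are left untouched otherwise. If one ctrl validates several certificates, a later listing could show a revocation date and reason that belong to a different certificate, unless a caller clears the fields first; no such reset is visible on this page. Clearing them in the else branch would lose the information when a revoked certificate's issuer is checked next, so the reset presumably belongs where validation of a new certificate begins. I would at least record the contract here, for example `/* CTRL->revoked_at and CTRL->revocation_reason are only set here; the caller must clear them before validating another certificate. */`.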