author | Werner Koch <[email protected]> | 2022-06-13 15:46:40 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2022-06-13 15:50:26 +0000 |
commit | f0b373cec93bb01f02b9c0a3ab1f3e242b381c3f (patch) | |
tree | 7c54cfd4a2bcbdc24a85edd15974fae517712c06 /sm/certlist.c | |
parent | common: New function parse_compatibility_flags. (diff) | |
gpgsm: New option --compatibility-flags.
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_flags.
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
Diffstat (limited to 'sm/certlist.c')
-rw-r--r-- | sm/certlist.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/sm/certlist.c b/sm/certlist.c
index 5ce74586c..f06a23f5d 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -51,9 +51,11 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
 {
 gpg_error_t err;
 unsigned int use;
+ unsigned int encr_bits, sign_bits;
 char *extkeyusages;
 int have_ocsp_signing = 0;
+
 err = ksba_cert_get_ext_key_usages (cert, &extkeyusages);
 if (gpg_err_code (err) == GPG_ERR_NO_DATA) err = 0; /* no policy given */
@@ -157,10 +159,13 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
 return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
 }
- if ((use & ((mode&1)?
- (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT):
- (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
- )
+ encr_bits = (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT);
+ if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR))
+ encr_bits |= KSBA_KEYUSAGE_KEY_AGREEMENT;
+
+ sign_bits = (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION);
+
+ if ((use & ((mode&1)? encr_bits : sign_bits)))
 return 0;
 if (!silent) |
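Review bot: In the second hunk the widened `encr_bits` mask has no comment marking it as a deliberate, opt-in relaxation of the certificate's keyUsage policy, and the hunk shows no key-algorithm check. With `COMPAT_ALLOW_KA_TO_ENCR` set, a certificate whose keyUsage carries only keyAgreement therefore passes the `(mode&1)` branch silently. I would add above the flag test something like `/* Compat: accept keyAgreement as an encryption usage only if the user opted in via --compatibility-flags; this relaxes the issuer's keyUsage policy. */`. For auditability it may also be worth a verbose-mode message when the match is due to the keyAgreement bit alone, so that a relaxed acceptance can be told apart from a regular one in logs. `cert_usage_p` starts and ends outside both hunks, so which `mode` values reach this test cannot be confirmed from here.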