* certlist.c (gpgsm_add_to_certlist): Fixed locating of a

certificate with the required key usage.

* gpgsm.c (main): Fixed a segv when using --outfile without an
argument.

* keylist.c (print_capabilities): Also check for non-repudiation
and data encipherment.
* certlist.c (cert_usage_p): Test for signing and encryption was
swapped.  Add a case for certification usage, handle
non-repudiation and data encipherment.
(gpgsm_cert_use_cert_p): New.
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
callers to pass it.
* certpath.c (gpgsm_validate_path): Use it here to print a status
message. Added a CTRL argument and changed all callers to pass it.
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
usage.
* verify.c (gpgsm_verify): Ditto.
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.

1 files changed, 9 insertions, 1 deletions

diff --git a/sm/certpath.c b/sm/certpath.c
index 0b2d8b4fc..01696fc27 100644
--- a/sm/certpath.c
+++ b/sm/certpath.c
@@ -308,7 +308,7 @@ gpgsm_is_root_cert (KsbaCert cert)
 /* Validate a path and optionally return the nearest expiration time
    in R_EXPTIME */
 int
-gpgsm_validate_path (KsbaCert cert, time_t *r_exptime)
+gpgsm_validate_path (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
 {
   int rc = 0, depth = 0, maxdepth;
   char *issuer = NULL;
@@ -551,6 +551,14 @@ gpgsm_validate_path (KsbaCert cert, time_t *r_exptime)
           }
       }
 
+      rc = gpgsm_cert_use_cert_p (issuer_cert);
+      if (rc)
+        {
+          gpgsm_status2 (ctrl, STATUS_ERROR, "certpath.issuer.keyusage",
+                         gnupg_error_token (rc), NULL);
+          rc = 0;
+        }
+
       if (opt.verbose)
         log_info ("certificate is good\n");