authorWerner Koch <[email protected]>2022-06-13 15:46:40 +0000
committerWerner Koch <[email protected]>2022-06-13 15:50:26 +0000
commitf0b373cec93bb01f02b9c0a3ab1f3e242b381c3f (patch)
tree7c54cfd4a2bcbdc24a85edd15974fae517712c06 /sm/keylist.c
parentcommon: New function parse_compatibility_flags. (diff)
gpgsm: New option --compatibility-flags.
* sm/gpgsm.c (oCompatibilityFlags): New option. (compatibility_flags): new. (main): Parse and print them in verbose mode. * sm/gpgsm.h (opt): Add field compat_flags. (COMPAT_ALLOW_KA_TO_ENCR): New. * sm/keylist.c (print_capabilities): Take care of the new flag. * sm/certlist.c (cert_usage_p): Ditto.
Diffstat (limited to 'sm/keylist.c')
-rw-r--r--sm/keylist.c28
1 files changed, 23 insertions, 5 deletions
diff --git a/sm/keylist.c b/sm/keylist.c
index 404eca176..9e2c79cbc 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -304,9 +304,11 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
{
gpg_error_t err;
unsigned int use;
+ unsigned int is_encr, is_sign, is_cert;
size_t buflen;
char buffer[1];
+
err = ksba_cert_get_user_data (cert, "is_qualified",
&buffer, sizeof (buffer), &buflen);
if (!err && buflen)
@@ -338,17 +340,33 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
return;
}
+ is_encr = is_sign = is_cert = 0;
+
if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
- es_putc ('e', fp);
+ is_encr = 1;
if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
- es_putc ('s', fp);
+ is_sign = 1;
if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
+ is_cert = 1;
+
+ /* We need to returned the faked key usage to frontends so that they
+ * can select the right key. Note that we don't do this for the
+ * human readable keyUsage. */
+ if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
+ && (use & KSBA_KEYUSAGE_KEY_AGREEMENT))
+ is_encr = 1;
+
+ if (is_encr)
+ es_putc ('e', fp);
+ if (is_sign)
+ es_putc ('s', fp);
+ if (is_cert)
es_putc ('c', fp);
- if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
+ if (is_encr)
es_putc ('E', fp);
- if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
+ if (is_sign)
es_putc ('S', fp);
- if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
+ if (is_cert)
es_putc ('C', fp);
}
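Review bot: The comment above the `COMPAT_ALLOW_KA_TO_ENCR` check has a grammar slip ("We need to returned") and understates the effect. With the flag set, a certificate whose keyUsage carries only keyAgreement is printed with `e` and `E`, so a frontend parsing the capability field cannot tell it from one that really asserts keyEncipherment or dataEncipherment. I would reword it along the lines of `/* Return the faked key usage to frontends so that they can select the right key; with the flag set this field no longer mirrors the certificate's keyUsage extension. */` and keep the existing remark about the human-readable keyUsage. The commit message says `cert_usage_p` in sm/certlist.c gets the same treatment; that file is not shown here, so it is worth confirming both places apply the flag under the same condition, otherwise a key could be listed as encryption-capable but refused at use time. `print_capabilities` begins outside this hunk.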