* certlist.c (gpgsm_add_to_certlist): Fixed locating of a

certificate with the required key usage.

* gpgsm.c (main): Fixed a segv when using --outfile without an
argument.

* keylist.c (print_capabilities): Also check for non-repudiation
and data encipherment.
* certlist.c (cert_usage_p): Test for signing and encryption was
swapped.  Add a case for certification usage, handle
non-repudiation and data encipherment.
(gpgsm_cert_use_cert_p): New.
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
callers to pass it.
* certpath.c (gpgsm_validate_path): Use it here to print a status
message. Added a CTRL argument and changed all callers to pass it.
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
usage.
* verify.c (gpgsm_verify): Ditto.
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.

1 files changed, 9 insertions, 2 deletions

diff --git a/sm/verify.c b/sm/verify.c
index 286dc68bb..d5f8629b7 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -389,10 +389,17 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
           gpgsm_status (ctrl, STATUS_BADSIG, NULL);
           goto next_signer;
         }
-      gpgsm_cert_use_verify_p (cert); /* this displays an info message */
+      rc = gpgsm_cert_use_verify_p (cert); /*(this displays an info message)*/
+      if (rc)
+        {
+          gpgsm_status2 (ctrl, STATUS_ERROR, "verify.keyusage",
+                         gnupg_error_token (rc), NULL);
+          rc = 0;
+        }
+
       if (DBG_X509)
         log_debug ("signature okay - checking certs\n");
-      rc = gpgsm_validate_path (cert, &keyexptime);
+      rc = gpgsm_validate_path (ctrl, cert, &keyexptime);
       if (rc == GNUPG_Certificate_Expired)
         {
           gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL);