* verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.

* certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
not just warn if a cert is not suitable; bail out immediately.

* call-dirmngr.c (isvalid_status_cb): New.
(unhexify_fpr): New. Taken from ../g10/call-agent.c
(gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
it thru.  Detect need to check the respondert cert and do that.
* certchain.c (gpgsm_validate_chain): Add new arg FLAGS.  Changed
all callers.

1 files changed, 4 insertions, 1 deletions

diff --git a/sm/verify.c b/sm/verify.c
index bd334908e..4b43ed064 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -263,6 +263,9 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
             err = 0;
           break;
         }
+
+      gpgsm_status (ctrl, STATUS_NEWSIG, NULL);
+
       if (DBG_X509)
         {
           log_debug ("signer %d - issuer: `%s'\n",
@@ -458,7 +461,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
 
       if (DBG_X509)
         log_debug ("signature okay - checking certs\n");
-      rc = gpgsm_validate_chain (ctrl, cert, keyexptime, 0, NULL);
+      rc = gpgsm_validate_chain (ctrl, cert, keyexptime, 0, NULL, 0);
       if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
         {
           gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL);