gpgsm: Print revocation date and reason in cert listings.

* dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and r_revocation_reason. * dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status. (cmd_checkocsp): Ditto. * sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields. (isvalid_status_cb): Parse REVOCATIONINFO. (gpgsm_dirmngr_isvalid): Add args r_revoked_at and r_revocation_reason. * sm/gpgsm.h (struct server_control_s): Add fields revoked_art and revocation_reason. * sm/keylist.c (list_cert_raw): Print revocation date. (list_cert_std): Ditto. -- Note that for now we do this only for OCSP because it is an important piece of information when using the chain model. For a sample key see commit 7fa1d3cc821dca1ea8e1c80a0bdd527177c185ee.
author: Werner Koch <wk@gnupg.org> 2022-12-05 16:42:08 +0100
committer: Werner Koch <wk@gnupg.org> 2022-12-05 16:42:08 +0100
commit: b6abaed2b5f6a6e52069f370c61006abdc81cdf5 (patch)
tree: 3aaca56d2678d54c1bc60b67c85602b44b5daf28 /sm/keylist.c
parent: gpgsm: Silence the "non-critical certificate policy not allowed". (diff)
download: gnupg2-b6abaed2b5f6a6e52069f370c61006abdc81cdf5.tar.xz
gnupg2-b6abaed2b5f6a6e52069f370c61006abdc81cdf5.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/sm/keylist.c b/sm/keylist.c
index fb2c3bad5..fabd82224 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -1201,6 +1201,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
     {
       err = gpgsm_validate_chain (ctrl, cert,
                                   GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
+      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
+          && !check_isotime (ctrl->revoked_at))
+        {
+          es_fputs ("      revoked: ", fp);
+          gpgsm_print_time (fp, ctrl->revoked_at);
+          if (ctrl->revocation_reason)
+            es_fprintf (fp, " (%s)", ctrl->revocation_reason);
+          es_putc ('\n', fp);
+        }
       if (!err)
         es_fprintf (fp, "  [certificate is good]\n");
       else
@@ -1451,6 +1460,15 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
 
       err = gpgsm_validate_chain (ctrl, cert,
                                   GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL);
+      if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED
+          && !check_isotime (ctrl->revoked_at))
+        {
+          es_fputs ("      revoked: ", fp);
+          gpgsm_print_time (fp, ctrl->revoked_at);
+          if (ctrl->revocation_reason)
+            es_fprintf (fp, " (%s)", ctrl->revocation_reason);
+          es_putc ('\n', fp);
+        }
       tmperr = ksba_cert_get_user_data (cert, "is_qualified",
                                         &buffer, sizeof (buffer), &buflen);
       if (!tmperr && buflen)
author	Werner Koch <wk@gnupg.org>	2022-12-05 16:42:08 +0100
committer	Werner Koch <wk@gnupg.org>	2022-12-05 16:42:08 +0100
commit	b6abaed2b5f6a6e52069f370c61006abdc81cdf5 (patch)
tree	3aaca56d2678d54c1bc60b67c85602b44b5daf28 /sm/keylist.c
parent	gpgsm: Silence the "non-critical certificate policy not allowed". (diff)
download	gnupg2-b6abaed2b5f6a6e52069f370c61006abdc81cdf5.tar.xz gnupg2-b6abaed2b5f6a6e52069f370c61006abdc81cdf5.zip