(show_key_with_all_names): Print the card S/N.
authorWerner Koch <wk@gnupg.org>
Mon, 20 Sep 2004 18:47:11 +0000 (18:47 +0000)
committerWerner Koch <wk@gnupg.org>
Mon, 20 Sep 2004 18:47:11 +0000 (18:47 +0000)
* app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
not app_number_serialno.

g10/ChangeLog
g10/keyedit.c
scd/ChangeLog
scd/app-openpgp.c
sm/ChangeLog
sm/certchain.c

index d33dcdc..b553c1c 100644 (file)
@@ -1,3 +1,7 @@
+2004-09-20  Werner Koch  <wk@g10code.com>
+
+       * keyedit.c (show_key_with_all_names): Print the card S/N.
+
 2004-09-11  Moritz Schulte  <moritz@g10code.com>
 
        * openfile.c (copy_options_file): Fixed last commit (added a `+').
index 4da174e..2f9fccb 100644 (file)
@@ -2121,6 +2121,27 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
                          datestr_from_sk(sk),
                          expirestr_from_sk(sk) );
            tty_printf("\n");
+            if (sk->is_protected && sk->protect.s2k.mode == 1002)
+              {
+               tty_printf("                     ");
+                tty_printf(_("card-no: ")); 
+                if (sk->protect.ivlen == 16
+                    && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+                  { /* This is an OpenPGP card. */
+                    for (i=8; i < 14; i++)
+                      {
+                        if (i == 10)
+                          tty_printf (" ");
+                        tty_printf ("%02X", sk->protect.iv[i]);
+                      }
+                  }
+                else
+                  { /* Something is wrong: Print all. */
+                    for (i=0; i < sk->protect.ivlen; i++)
+                      tty_printf ("%02X", sk->protect.iv[i]);
+                  }
+                tty_printf ("\n");
+              }
        }
        else if( with_subkeys && node->pkt->pkttype == PKT_SIGNATURE
                 && node->pkt->pkt.signature->sig_class == 0x28       ) {
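Review bot: The fallback loop in the `else` branch prints `sk->protect.ivlen` bytes of `sk->protect.iv` with no upper bound visible here, and that length comes from the parsed secret-key packet. If the packet parser does not already cap it (not shown in this hunk), a clamp keeps a malformed stub key from reading past the buffer: `for (i=0; i < sk->protect.ivlen && i < sizeof sk->protect.iv; i++)`, assuming `iv` is a fixed-size array. The magic values deserve a short comment as well, for example `/* S2K mode 1002: secret key lives on a card; the IV field carries the card's serial number (AID). */`, so the 6-byte prefix compare and the `8..13` index range can be checked against the AID layout. `i` is declared outside the hunk and show_key_with_all_names continues on both sides of it.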
index a527b5d..e6789fc 100644 (file)
@@ -1,3 +1,8 @@
+2004-09-11  Werner Koch  <wk@g10code.com>
+
+       * app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
+       not app_number_serialno.
+
 2004-08-20  Werner Koch  <wk@g10code.de>
 
        * app.c (select_application): Fixed serial number extraction and
index 67bc336..1617ab8 100644 (file)
@@ -1397,7 +1397,7 @@ app_select_openpgp (APP app)
 #if GNUPG_MAJOR_VERSION != 1
       /* A valid OpenPGP card should never need this but well the test
          is cheap. */
-      rc = app_number_serialno (app);
+      rc = app_munge_serialno (app);
       if (rc)
         goto leave;
 #endif
index a8139e2..d687591 100644 (file)
@@ -1,3 +1,9 @@
+2004-09-14  Werner Koch  <wk@g10code.com>
+
+       * certchain.c (gpgsm_validate_chain): Give expired certificates a
+       higher error precedence and don't bother to check any CRL in that
+       case.
+
 2004-08-24  Werner Koch  <wk@g10code.de>
 
        * certlist.c: Fixed typo in ocsp OID.
index 2ce247f..ad30a36 100644 (file)
@@ -672,7 +672,12 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
           else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
             {
               do_list (0, lm, fp, _("root certificate is not marked trusted"));
-              if (!lm)
+              /* If we already figured out that the certificate is
+                 expired it does not make much sense to ask the user
+                 whether we wants to trust the root certificate.  He
+                 should do this only if the certificate under question
+                 will then be usable. */
+              if (!lm && !any_expired)
                 {
                   int rc2;
                   char *fpr = gpgsm_get_fingerprint_string (subject_cert,
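Review bot: The new comment above `if (!lm && !any_expired)` has a wording slip; "whether we wants to trust" should read `whether he wants to trust the root certificate`. When the prompt is skipped because of `any_expired`, nothing visible in this hunk changes `rc`, so it presumably stays at GPG_ERR_NOT_TRUSTED. It is worth confirming that the caller then still sees the expired status the ChangeLog entry promises rather than "not trusted". The rest of this branch is outside the hunk.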
@@ -707,6 +712,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
           /* Check for revocations etc. */
           if ((flags & 1))
             rc = 0;
+          else if (any_expired)
+            ; /* Don't bother to run the expensive CRL check then. */
           else
             rc = is_cert_still_valid (ctrl, lm, fp,
                                       subject_cert, subject_cert,
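Review bot: The empty statement under `else if (any_expired)` leaves `rc` at whatever value it had on entry, whereas both neighbouring branches assign it. This applies equally to the same change in the following hunk (the `subject_cert, issuer_cert` call). If the intent is "treat as passed", writing `rc = 0; /* Don't bother to run the expensive CRL check then. */` makes that explicit and removes the dependency on earlier code. If `rc` is known to be 0 here, a comment saying so would do. The code that consumes `rc` after this check is outside the hunk, so whether a stale value can reach it needs checking there.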
@@ -835,6 +842,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
       /* Check for revocations etc. */
       if ((flags & 1))
         rc = 0;
+      else if (any_expired)
+        ; /* Don't bother to run the expensive CRL check then. */
       else
         rc = is_cert_still_valid (ctrl, lm, fp,
                                   subject_cert, issuer_cert,
@@ -866,14 +875,14 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
          the error code to the most critical one */
       if (any_revoked)
         rc = gpg_error (GPG_ERR_CERT_REVOKED);
+      else if (any_expired)
+        rc = gpg_error (GPG_ERR_CERT_EXPIRED);
       else if (any_no_crl)
         rc = gpg_error (GPG_ERR_NO_CRL_KNOWN);
       else if (any_crl_too_old)
         rc = gpg_error (GPG_ERR_CRL_TOO_OLD);
       else if (any_no_policy_match)
         rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
-      else if (any_expired)
-        rc = gpg_error (GPG_ERR_CERT_EXPIRED);
     }
   
  leave:
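Review bot: The precedence chain still ranks `any_revoked` above `any_expired`, but the earlier hunks skip is_cert_still_valid once `any_expired` is set, so `any_revoked` can no longer be raised for certificates examined after that point. A chain that is both expired and revoked may therefore report GPG_ERR_CERT_EXPIRED, which loses the stronger signal (possible key compromise) for anyone judging old signatures or reading the listing output. If this trade-off is intended, document it here, for example `/* Note: revocation is not checked once an expired certificate was seen, thus any_revoked may be unset for such chains. */`. Otherwise keep the CRL check in list mode (`lm`). The enclosing block starts outside the hunk.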