gnupg2/gnupg-2.0.16-ocsp-keyusage.patch

diff -r -u gnupg-2.0.16.orig/sm/certlist.c gnupg-2.0.16/sm/certlist.c
--- gnupg-2.0.16.orig/sm/certlist.c	2009-09-21 18:53:43.000000000 +0200
+++ gnupg-2.0.16/sm/certlist.c	2010-11-29 16:47:26.284497534 +0100
@@ -146,10 +146,9 @@
 
   if (mode == 5)
     {
-      if (use != ~0 
-          && (have_ocsp_signing
-              || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
-                         |KSBA_KEYUSAGE_CRL_SIGN))))
+      if (have_ocsp_signing
+          || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
+                     |KSBA_KEYUSAGE_CRL_SIGN)))
         return 0;
       log_info (_("certificate should have not "
                   "been used for OCSP response signing\n"));