diff -up gnupg-2.0.20/sm/certlist.c.keyusage gnupg-2.0.20/sm/certlist.c
--- gnupg-2.0.20/sm/certlist.c.keyusage	2013-05-10 14:55:49.000000000 +0200
+++ gnupg-2.0.20/sm/certlist.c	2013-05-15 14:15:57.420276618 +0200
@@ -146,10 +146,9 @@ cert_usage_p (ksba_cert_t cert, int mode
 
   if (mode == 5)
     {
-      if (use != ~0 
-          && (have_ocsp_signing
-              || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
-                         |KSBA_KEYUSAGE_CRL_SIGN))))
+      if (have_ocsp_signing
+          || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
+                     |KSBA_KEYUSAGE_CRL_SIGN)))
         return 0;
       log_info (_("certificate should not have "
                   "been used for OCSP response signing\n"));