[gmime] PKCS7: always set GPGME_KEYLIST_MODE_VALIDATE (#90)
- From: Rico Tzschichholz <ricotz src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gmime] PKCS7: always set GPGME_KEYLIST_MODE_VALIDATE (#90)
- Date: Tue, 5 May 2020 15:49:00 +0000 (UTC)
commit 09c13647bf36a39bfea5baad4ec5227ac7c062f6
Author: dkg <dkg fifthhorseman net>
Date: Wed Mar 18 18:29:00 2020 -0400
PKCS7: always set GPGME_KEYLIST_MODE_VALIDATE (#90)
When returning X.509 certificates for use with S/MIME, we depend on
the validity of the "user IDs" (subject, subjectAltName) in order to
populate the GMimeCertificate object.
Signed-off-by: Daniel Kahn Gillmor <dkg fifthhorseman net>
gmime/gmime-pkcs7-context.c | 11 +++++++++++
1 file changed, 11 insertions(+)
---
diff --git a/gmime/gmime-pkcs7-context.c b/gmime/gmime-pkcs7-context.c
index 9ed18a16..4030e413 100644
--- a/gmime/gmime-pkcs7-context.c
+++ b/gmime/gmime-pkcs7-context.c
@@ -384,6 +384,7 @@ g_mime_pkcs7_context_new (void)
#ifdef ENABLE_CRYPTO
GMimePkcs7Context *pkcs7;
gpgme_ctx_t ctx;
+ gpgme_keylist_mode_t keylist_mode;
/* make sure GpgMe supports the CMS protocols */
if (gpgme_engine_check_version (GPGME_PROTOCOL_CMS) != GPG_ERR_NO_ERROR)
@@ -397,6 +398,16 @@ g_mime_pkcs7_context_new (void)
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
gpgme_set_textmode (ctx, FALSE);
gpgme_set_armor (ctx, FALSE);
+
+ /* ensure that key listings are correctly validated, since we
+ use user ID validity to determine what identity to report */
+ keylist_mode = gpgme_get_keylist_mode (ctx);
+ if (! (keylist_mode & GPGME_KEYLIST_MODE_VALIDATE))
+ if (gpgme_set_keylist_mode (ctx, keylist_mode | GPGME_KEYLIST_MODE_VALIDATE) !=
GPG_ERR_NO_ERROR) {
+ gpgme_release (ctx);
+ return NULL;
+ }
+
pkcs7->ctx = ctx;
return (GMimeCryptoContext *) pkcs7;
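Review bot: The new failure branch in g_mime_pkcs7_context_new() releases only the GpgMe context (`gpgme_release (ctx); return NULL;`), yet `pkcs7->ctx = ctx;` directly below shows that pkcs7 has already been allocated somewhere above the visible context. If that allocation precedes this block, the early return leaks the object. Either drop the reference to pkcs7 before returning, or set the keylist mode before the object is created. The outer `if (! (keylist_mode & GPGME_KEYLIST_MODE_VALIDATE))` has no braces around a multi-line inner `if`, which makes the nesting easy to misread; bracing both levels would help. The commit message says identity reporting depends on user ID validity but not what is reported when validation is off, so a sentence on that would let readers judge the impact.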