author | dkg <dkg@fifthhorseman.net> | 2020-03-18 18:29:00 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-18 18:29:00 -0400 |
commit | 09c13647bf36a39bfea5baad4ec5227ac7c062f6 (patch) | |
tree | 1dfff26c4cad6544c3e9933d88b77ef13f829ccb | |
parent | b2b2de3378ae4d075ae1c8cb3bc49767faca6264 (diff) | |
download | gmime-09c13647bf36a39bfea5baad4ec5227ac7c062f6.tar.gz |
PKCS7: always set GPGME_KEYLIST_MODE_VALIDATE (#90)
When returning X.509 certificates for use with S/MIME, we depend on
the validity of the "user IDs" (subject, subjectAltName) in order to
populate the GMimeCertificate object.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-rw-r--r-- | gmime/gmime-pkcs7-context.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/gmime/gmime-pkcs7-context.c b/gmime/gmime-pkcs7-context.c
index 9ed18a16..4030e413 100644
--- a/gmime/gmime-pkcs7-context.c
+++ b/gmime/gmime-pkcs7-context.c
@@ -384,6 +384,7 @@ g_mime_pkcs7_context_new (void)
 #ifdef ENABLE_CRYPTO
 GMimePkcs7Context *pkcs7;
 gpgme_ctx_t ctx;
+ gpgme_keylist_mode_t keylist_mode;
 /* make sure GpgMe supports the CMS protocols */
 if (gpgme_engine_check_version (GPGME_PROTOCOL_CMS) != GPG_ERR_NO_ERROR)
@@ -397,6 +398,16 @@ g_mime_pkcs7_context_new (void)
 gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
 gpgme_set_textmode (ctx, FALSE);
 gpgme_set_armor (ctx, FALSE);
+
+ /* ensure that key listings are correctly validated, since we
+ use user ID validity to determine what identity to report */
+ keylist_mode = gpgme_get_keylist_mode (ctx);
+ if (! (keylist_mode & GPGME_KEYLIST_MODE_VALIDATE))
+ if (gpgme_set_keylist_mode (ctx, keylist_mode | GPGME_KEYLIST_MODE_VALIDATE) != GPG_ERR_NO_ERROR) {
+ gpgme_release (ctx);
+ return NULL;
+ }
+
 pkcs7->ctx = ctx;
 return (GMimeCryptoContext *) pkcs7; |
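Review bot: The new failure branch in the second hunk releases `ctx` and returns NULL but does nothing with `pkcs7`, which is dereferenced right after the block (`pkcs7->ctx = ctx;`) and so appears to have been allocated earlier in the function, outside both hunks; if so, the object leaks whenever `gpgme_set_keylist_mode` fails. Consider adding `g_object_unref (pkcs7);` next to `gpgme_release (ctx);`, after confirming that the finalizer tolerates a context that was never assigned. Returning NULL rather than continuing without GPGME_KEYLIST_MODE_VALIDATE is the right fail-closed choice, since the reported identity depends on user ID validity. Separately, the outer `if (! (keylist_mode & GPGME_KEYLIST_MODE_VALIDATE))` has no braces around the nested `if`; bracing it would keep a later edit from silently detaching the error check. The body of g_mime_pkcs7_context_new begins and ends outside the hunks shown.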