authordkg <dkg@fifthhorseman.net>2020-03-18 18:29:00 -0400
committerGitHub <noreply@github.com>2020-03-18 18:29:00 -0400
commit09c13647bf36a39bfea5baad4ec5227ac7c062f6 (patch)
tree1dfff26c4cad6544c3e9933d88b77ef13f829ccb
parentb2b2de3378ae4d075ae1c8cb3bc49767faca6264 (diff)
downloadgmime-09c13647bf36a39bfea5baad4ec5227ac7c062f6.tar.gz
PKCS7: always set GPGME_KEYLIST_MODE_VALIDATE (#90)
When returning X.509 certificates for use with S/MIME, we depend on the validity of the "user IDs" (subject, subjectAltName) in order to populate the GMimeCertificate object. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-rw-r--r--gmime/gmime-pkcs7-context.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/gmime/gmime-pkcs7-context.c b/gmime/gmime-pkcs7-context.c
index 9ed18a16..4030e413 100644
--- a/gmime/gmime-pkcs7-context.c
+++ b/gmime/gmime-pkcs7-context.c
@@ -384,6 +384,7 @@ g_mime_pkcs7_context_new (void)
#ifdef ENABLE_CRYPTO
GMimePkcs7Context *pkcs7;
gpgme_ctx_t ctx;
+ gpgme_keylist_mode_t keylist_mode;
/* make sure GpgMe supports the CMS protocols */
if (gpgme_engine_check_version (GPGME_PROTOCOL_CMS) != GPG_ERR_NO_ERROR)
@@ -397,6 +398,16 @@ g_mime_pkcs7_context_new (void)
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
gpgme_set_textmode (ctx, FALSE);
gpgme_set_armor (ctx, FALSE);
+
+ /* ensure that key listings are correctly validated, since we
+ use user ID validity to determine what identity to report */
+ keylist_mode = gpgme_get_keylist_mode (ctx);
+ if (! (keylist_mode & GPGME_KEYLIST_MODE_VALIDATE))
+ if (gpgme_set_keylist_mode (ctx, keylist_mode | GPGME_KEYLIST_MODE_VALIDATE) != GPG_ERR_NO_ERROR) {
+ gpgme_release (ctx);
+ return NULL;
+ }
+
pkcs7->ctx = ctx;
return (GMimeCryptoContext *) pkcs7;
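Review bot: The new error path returns NULL after `gpgme_release (ctx)` without dropping `pkcs7`, which is dereferenced just below (`pkcs7->ctx = ctx`) and so is presumably already allocated above this hunk; if so, the object leaks whenever `gpgme_set_keylist_mode` fails. Adding `g_object_unref (pkcs7);` beside the release would cover it, assuming the object is a GObject created earlier in the function and that its finalizer tolerates an unset `ctx`; the allocation lies outside the hunk, so this needs confirming. Failing closed here is the right choice, because an unvalidated key listing would let unverified user IDs decide which identity is reported for a signer. The outer `if (! (keylist_mode & GPGME_KEYLIST_MODE_VALIDATE))` would also be safer with its own braces around the nested `if`, so a later edit cannot detach the cleanup from the check.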