[PATCH 02/20] crypto: Avoid pretending to verify signatures on unsigned encrypted mail

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu May 10 22:55:26 PDT 2018


Unsigned encrypted mail shows up with a weird empty signature list.
If we successfully decrypted and there was no signature in it, we
should just not show a sigstatus at all.

The documentation for g_mime_decrypt_result_get_signatures says:

    a GMimeSignatureList or NULL if the stream was not signed.
---
 mime-node.c         | 2 +-
 test/T350-crypto.sh | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/mime-node.c b/mime-node.c
index 11df082b..74f40417 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -216,12 +216,12 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
     }
 
     node->decrypt_success = true;
-    node->verify_attempted = true;
 
     if (decrypt_result) {
 	/* This may be NULL if the part is not signed. */
 	node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
 	if (node->sig_list) {
+	    node->verify_attempted = true;
 	    g_object_ref (node->sig_list);
 	    set_signature_list_destructor (node);
 	}
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index a776ec35..b5067346 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -271,7 +271,6 @@ expected='[[[{"id": "XXXXX",
  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
  "body": [{"id": 1,
  "encstatus": [{"status": "good"}],
- "sigstatus": [],
  "content-type": "multipart/encrypted",
  "content": [{"id": 2,
  "content-type": "application/pgp-encrypted",
-- 
2.17.0



More information about the notmuch mailing list