[gmime] Added new GMIME_DECRYPT_NO_VERIFY flag that disables signature verification

From: Rico Tzschichholz <ricotz src gnome org>
To: commits-list gnome org
Cc:
Subject: [gmime] Added new GMIME_DECRYPT_NO_VERIFY flag that disables signature verification
Date: Sat, 21 Dec 2019 16:58:34 +0000 (UTC)

commit 931dbeb6605ccb8352fc3ed8e81904637ec43935
Author: Jeffrey Stedfast <jestedfa microsoft com>
Date:   Tue Oct 1 08:35:20 2019 -0400

    Added new GMIME_DECRYPT_NO_VERIFY flag that disables signature verification
    
    Thanks to Daniel Kahn Gillmor for this feature suggestion.

 gmime/gmime-crypto-context.h | 2 ++
 gmime/gmime-gpgme-utils.c    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
---
diff --git a/gmime/gmime-crypto-context.h b/gmime/gmime-crypto-context.h
index 5089aeaf..998436b5 100644
--- a/gmime/gmime-crypto-context.h
+++ b/gmime/gmime-crypto-context.h
@@ -80,6 +80,7 @@ typedef GMimeCryptoContext * (* GMimeCryptoContextNewFunc) (void);
  * GMimeDecryptFlags:
  * @GMIME_DECRYPT_NONE: No flags specified.
  * @GMIME_DECRYPT_EXPORT_SESSION_KEY: Export the decryption session-key.
+ * @GMIME_DECRYPT_NO_VERIFY: Disable signature verification.
  * @GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS: Enable OpenPGP keyserver lookups.
  * @GMIME_DECRYPT_ENABLE_ONLINE_CERTIFICATE_CHECKS: Enable CRL and OCSP checks that require network lookups.
  *
@@ -88,6 +89,7 @@ typedef GMimeCryptoContext * (* GMimeCryptoContextNewFunc) (void);
 typedef enum {
        GMIME_DECRYPT_NONE                             = 0,
        GMIME_DECRYPT_EXPORT_SESSION_KEY               = 1 << 0,
+       GMIME_DECRYPT_NO_VERIFY                        = 1 << 1,
 
        /* Note: these values must stay in sync with GMimeVerifyFlags */
        GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS         = 1 << 15,
diff --git a/gmime/gmime-gpgme-utils.c b/gmime/gmime-gpgme-utils.c
index 6d8ce135..a5b59846 100644
--- a/gmime/gmime-gpgme-utils.c
+++ b/gmime/gmime-gpgme-utils.c
@@ -602,7 +602,7 @@ g_mime_gpgme_decrypt (gpgme_ctx_t ctx, GMimeDecryptFlags flags, const char *sess
 #endif
        
        /* decrypt the input stream */
-       if (gpgme_get_protocol (ctx) == GPGME_PROTOCOL_OpenPGP) {
+       if (gpgme_get_protocol (ctx) == GPGME_PROTOCOL_OpenPGP && (flags & GMIME_DECRYPT_NO_VERIFY) == 0) {
                gpgme_set_offline (ctx, (flags & GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS) == 0);
                
                error = gpgme_op_decrypt_verify (ctx, input, output);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]