[gmime] PKCS7: always set GPGME_KEYLIST_MODE_VALIDATE (#90)



commit 09c13647bf36a39bfea5baad4ec5227ac7c062f6
Author: dkg <dkg fifthhorseman net>
Date:   Wed Mar 18 18:29:00 2020 -0400

    PKCS7: always set GPGME_KEYLIST_MODE_VALIDATE (#90)
    
    When returning X.509 certificates for use with S/MIME, we depend on
    the validity of the "user IDs" (subject, subjectAltName) in order to
    populate the GMimeCertificate object.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg fifthhorseman net>

 gmime/gmime-pkcs7-context.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
---
diff --git a/gmime/gmime-pkcs7-context.c b/gmime/gmime-pkcs7-context.c
index 9ed18a16..4030e413 100644
--- a/gmime/gmime-pkcs7-context.c
+++ b/gmime/gmime-pkcs7-context.c
@@ -384,6 +384,7 @@ g_mime_pkcs7_context_new (void)
 #ifdef ENABLE_CRYPTO
        GMimePkcs7Context *pkcs7;
        gpgme_ctx_t ctx;
+       gpgme_keylist_mode_t keylist_mode;
        
        /* make sure GpgMe supports the CMS protocols */
        if (gpgme_engine_check_version (GPGME_PROTOCOL_CMS) != GPG_ERR_NO_ERROR)
@@ -397,6 +398,16 @@ g_mime_pkcs7_context_new (void)
        gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
        gpgme_set_textmode (ctx, FALSE);
        gpgme_set_armor (ctx, FALSE);
+
+       /* ensure that key listings are correctly validated, since we
+          use user ID validity to determine what identity to report */
+       keylist_mode = gpgme_get_keylist_mode (ctx);
+       if (! (keylist_mode & GPGME_KEYLIST_MODE_VALIDATE))
+               if (gpgme_set_keylist_mode (ctx, keylist_mode | GPGME_KEYLIST_MODE_VALIDATE) != 
GPG_ERR_NO_ERROR) {
+                       gpgme_release (ctx);
+                       return NULL;
+               }
+
        pkcs7->ctx = ctx;
        
        return (GMimeCryptoContext *) pkcs7;
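Review bot: The new error path (`gpgme_release (ctx); return NULL;`) frees the GPGME context but not `pkcs7`, which is dereferenced right after the block (`pkcs7->ctx = ctx`) with no allocation in between, so it must already have been created above the hunk. If it is a reference-counted object, as the cast to `GMimeCryptoContext *` suggests, it leaks whenever setting the keylist mode fails; adding `g_object_unref (pkcs7);` before the `return NULL`, or moving the keylist-mode setup ahead of the object's creation, would avoid that. Failing closed is the right behaviour here because the reported identity depends on validated user IDs, but the outer `if (! (keylist_mode & GPGME_KEYLIST_MODE_VALIDATE))` should get its own braces so a later edit to the nested `if` cannot silently detach the check. The function starts and ends outside the hunk, so the allocation site of `pkcs7` should be confirmed there.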

