diff options
| author | Werner Koch <[email protected]> | 2019-03-26 12:31:06 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2019-03-26 12:31:06 +0000 |
| commit | aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad (patch) | |
| tree | b9e6e038bef37796e4e826b61a15e29d391a416d | |
| parent | agent: Allow other ssh fingerprint algos in KEYINFO. (diff) | |
| download | gnupg-aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad.tar.gz gnupg-aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad.zip | |
sm: Allow decryption even if expired other keys are configured.
* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
mode.
--
The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to
a decryption command. With that patch the errors are printed but
decryption continues and the process returns success unless other
errors occur.
GnuPG-bug-id: 4431
Signed-off-by: Werner Koch <[email protected]>
| -rw-r--r-- | sm/gpgsm.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 70964512c..020072a50 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1742,6 +1742,8 @@ main ( int argc, char **argv) if (!do_not_setup_keys) { + int errcount = log_get_errorcount (0); + for (sl = locusr; sl ; sl = sl->next) { int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0); @@ -1770,6 +1772,15 @@ main ( int argc, char **argv) if ((sl->flags & 1)) do_add_recipient (&ctrl, sl->d, &recplist, 1, recp_required); } + + /* We do not require a recipient for decryption but because + * recipients and signers are always checked and log_error is + * sometimes used (for failed signing keys or due to a failed + * CRL checking) that would have bumbed up the error counter. + * We clear the counter in the decryption case because there is + * no reason to force decryption to fail. */ + if (cmd == aDecrypt && !errcount) + log_get_errorcount (1); /* clear counter */ } if (log_get_errorcount(0)) |