doc: Explain verify_result_t.status == 0 more

* doc/gpgme.texi (gpgme_verify_result_t): Explain GPGME_STATUS_NO_ERROR more clearly. -- This might help to avoid misunderstandings how the status can be interpreted and explains why a verify of unsigned PGP Data returns no error. As a reaction to CVE-2020-10759 discovered by Justin Steven.
2020-06-09 10:21:54 +02:00 · 2020-06-09 10:21:54 +02:00 · 88f3202521
commit 88f3202521
parent 728ead8ebd
1 changed files with 9 additions and 2 deletions
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@ -5773,8 +5773,15 @@ status codes are of interest:

  @table @code
  @item GPG_ERR_NO_ERROR
-  This status indicates that the signature is valid.  For the combined
-  result this status means that all signatures are valid.
+  This status indicates that the signature could be verified or that
+  there is no signature.  For the combined result this status
+  means that all signatures could be verified.
+
+  Note: This does not mean that a valid signature could be found.  Check
+  the @code{summary} field for that.
+
+  For example a @code{gpgme_op_decrypt_verify} returns a verification
+  result with GPG_ERR_NO_ERROR for encrypted but unsigned data.

  @item GPG_ERR_SIG_EXPIRED
  This status indicates that the signature is valid but expired.  For