gpg: Avoid error diagnostics with --override-session-key when verifying
* src/engine-gpg.c (gpg_decrypt): only send --no-keyring when we are
not verifying.
--
Without this change, the signature verification would fail. This
problem was introduced in bded8ebc59
in
an attempt to avoid an error when *not* verifying. Clearly more test
suite coverage is needed to avoid introducing this sort of problem in
the future.
GnuPG-bug-id: 3464
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
parent
c0c97dbbe6
commit
ae4d7761a1
@ -1717,12 +1717,15 @@ gpg_decrypt (void *engine,
|
|||||||
strlen (override_session_key), 1);
|
strlen (override_session_key), 1);
|
||||||
if (!err)
|
if (!err)
|
||||||
{
|
{
|
||||||
/* We add --no-keyring because a keyring is not required
|
/* When we are not trying to verify signatures as well,
|
||||||
* when we are overriding the session key. It would
|
* we add --no-keyring because a keyring is not required
|
||||||
|
* for decryption when overriding the session key. It would
|
||||||
* work without that option but --no-keyring avoids that
|
* work without that option but --no-keyring avoids that
|
||||||
* gpg return a failure due to a missing key log_error()
|
* gpg return a failure due to a missing key log_error()
|
||||||
* diagnostic. --no-keyring is supported since 2.1.14. */
|
* diagnostic. --no-keyring is supported since 2.1.14. */
|
||||||
err = add_arg (gpg, "--no-keyring");
|
|
||||||
|
if (!(flags & GPGME_DECRYPT_VERIFY))
|
||||||
|
err = add_arg (gpg, "--no-keyring");
|
||||||
if (!err)
|
if (!err)
|
||||||
err = add_arg (gpg, "--override-session-key-fd");
|
err = add_arg (gpg, "--override-session-key-fd");
|
||||||
if (!err)
|
if (!err)
|
||||||
|
Loading…
Reference in New Issue
Block a user