From d6402b888fd00b883bbfc00c91a2aa9706e4377e Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 2 May 2012 10:30:09 +0200 Subject: [PATCH] Update signature summary for the case of missing X.509 keys. * src/verify.c (gpgme_op_verify_result): Update summary field. -- This is actually a hack to solve the problem that GPGME currently does not emit ERRSIG for a missing public key. --- NEWS | 16 ++++++++++------ src/verify.c | 34 +++++++++++++++++++++++++++++----- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/NEWS b/NEWS index 3dad99b4..b7106e72 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,10 @@ Noteworthy changes in version 1.3.2 (unreleased) * Remove support for libgpgme-pth. As far as we know, this was never used, and GnuPG is going to use our own npth in the future. + * Fix signature summary information for a missing X.509 key. + + * Fix parsing of dates >= year 2038. + Noteworthy changes in version 1.3.1 (2011-06-16) ------------------------------------------------ @@ -120,7 +124,7 @@ Noteworthy changes in version 1.1.7 (2008-10-17) * Using GPGME_KEYLIST_MODE_LOCAL combined with GPGME_KEYLIST_MODE_EXTERN is now supported; it uses the --locate-keys feature of gpg (>= 2.0.10). - + * The encoding of gpgme_data_t objects can affect the output encoding of export, sign and encrypt operations now (the same operations that are also affected by the ASCII mode switch). We believe this @@ -764,7 +768,7 @@ Noteworthy changes in version 0.4.1 (2003-06-06) So, instead: char *fpr; - err = gpgme_op_genkey (ctx, NULL, NULL, &fpr); + err = gpgme_op_genkey (ctx, NULL, NULL, &fpr); if (!err && fpr) printf ("%s\n", fpr); 
@@ -1052,7 +1056,7 @@ Noteworthy changes in version 0.3.13 (2002-11-20) Noteworthy changes in version 0.3.12 (2002-10-15) ------------------------------------------------- - * Fixed some bux with key listings. + * Fixed some bux with key listings. * The development has been branched to clean up some API issues. This 0.3 series will be kept for compatibility reasons; so do don't @@ -1060,7 +1064,7 @@ Noteworthy changes in version 0.3.12 (2002-10-15) Noteworthy changes in version 0.3.11 (2002-09-20) ------------------------------------------------- - + * Bug fixes. Noteworthy changes in version 0.3.10 (2002-09-02) @@ -1266,7 +1270,7 @@ gpgme_register_idle NEW Noteworthy changes in version 0.3.0 (2001-12-19) ------------------------------------------------ - + * New interface gpgme_set_protocol() to set the protocol and thus the crypto engine to be used by the context. Currently, the OpenPGP and the CMS protocols are supported. They are specified by the new @@ -1336,7 +1340,7 @@ Noteworthy changes in version 0.2.3 (2001-09-17) Noteworthy changes in version 0.2.2 (2001-06-12) ------------------------------------------------ - + * Implemented a key cache. * Fixed a race condition under W32 and some other bug fixes. diff --git a/src/verify.c b/src/verify.c index d63fc54b..a61cc950 100644 --- a/src/verify.c +++ b/src/verify.c @@ -83,6 +83,7 @@ gpgme_op_verify_result (gpgme_ctx_t ctx) void *hook; op_data_t opd; gpgme_error_t err; + gpgme_signature_t sig; TRACE_BEG (DEBUG_CTX, "gpgme_op_verify_result", ctx); err = _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, -1, NULL); 
@@ -93,12 +94,37 @@ gpgme_op_verify_result (gpgme_ctx_t ctx) return NULL; } + /* It is possible that we saw a new signature only followed by an + ERROR line for that. In particular a missing X.509 key triggers + this. In this case it is surprising that the summary field has + not been updated. We fix it here by explicitly looking for this + case. The real fix would be to have GPGME emit ERRSIG. */ + for (sig = opd->result.signatures; sig; sig = sig->next) + { + if (!sig->summary) + { + switch (gpg_err_code (sig->status)) + { + case GPG_ERR_KEY_EXPIRED: + sig->summary |= GPGME_SIGSUM_KEY_EXPIRED; + break; + + case GPG_ERR_NO_PUBKEY: + sig->summary |= GPGME_SIGSUM_KEY_MISSING; + break; + + default: + break; + } + } + } + + /* Now for some tracing stuff. */ if (_gpgme_debug_trace ()) { - gpgme_signature_t sig = opd->result.signatures; - int i = 0; + int i; - while (sig) + for (sig = opd->result.signatures, i = 0; sig; sig = sig->next, i++) { TRACE_LOG4 ("sig[%i] = fpr %s, summary 0x%x, status %s", i, sig->fpr, sig->summary, gpg_strerror (sig->status)); @@ -120,8 +146,6 @@ gpgme_op_verify_result (gpgme_ctx_t ctx) { TRACE_LOG1 ("sig[%i] = has notations (not shown)", i); } - sig = sig->next; - i++; } }
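Review bot: The `default:` arm of the new switch in the `@@ -93,12 +94,37 @@` hunk leaves `sig->summary` at 0 for every other non-zero `sig->status`, so a signature that failed for a reason other than an expired or missing key still carries an empty summary after this fixup. A caller that only looks for failure bits in the summary would not notice such a signature; it has to require `GPGME_SIGSUM_VALID` or check `sig->status` rather than treat 0 as good. I would state that in the code, e.g. `default: /* Summary stays 0; callers must still check sig->status. */`, and consider whether the remaining error codes should set a bit such as `GPGME_SIGSUM_SYS_ERROR` here. The fixup also runs only inside the result accessor, so any code that reads the signature list without going through gpgme_op_verify_result would presumably still see the unpatched summary; the function body starts and ends outside the hunk, so this could not be checked from here.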