From 4100794e305ba22241ea5a4f7b42bb5189fbd948 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 2 May 2019 23:28:11 -0400
Subject: python: stop raising BadSignatures from decrypt(verify=True)

* src/core.py (decrypt): filter out signatures with errors from the
returned verify_result, but avoid raising BadSignatures
* tests/t-decrypt-verify.py: ensure that only a single signature is
returned when evaluating cipher-3.asc, since the other signature is
unknown.

--

This change preserves the invariant that decrypt() only ever returns
valid signatures in the verify_result, but it avoids unnecessary
errors in the face of the presence of an additional bad signature.

GnuPG-bug-id: 4276
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 lang/python/tests/t-decrypt-verify.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lang/python/tests/t-decrypt-verify.py')

diff --git a/lang/python/tests/t-decrypt-verify.py b/lang/python/tests/t-decrypt-verify.py
index 6a4fc554..300fc713 100755
--- a/lang/python/tests/t-decrypt-verify.py
+++ b/lang/python/tests/t-decrypt-verify.py
@@ -84,5 +84,6 @@ with gpg.Context() as c:
 
     plaintext, _, verify_result = c.decrypt(open(support.make_filename("cipher-3.asc")))
     assert len(plaintext) > 0
+    assert len(verify_result.signatures) == 1
     assert plaintext.find(b'Reenact Studied Thermos Bonehead Unclasp Opposing') >= 0, \
         'second Plaintext not found'
-- 
cgit v1.2.3