diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2019-05-29 21:56:01 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2019-12-06 01:41:44 +0000 |
| commit | ae4d7761a15b82eb98b0bcc72af2ae2e8973e1f9 (patch) | |
| tree | 5a130b0db8726f874364fc9a5c06e6d46767c3e9 | |
| parent | gpgme-tool: Fix help text for INCLUDE_CERTS. (diff) | |
| download | gpgme-ae4d7761a15b82eb98b0bcc72af2ae2e8973e1f9.tar.gz gpgme-ae4d7761a15b82eb98b0bcc72af2ae2e8973e1f9.zip | |
gpg: Avoid error diagnostics with --override-session-key when verifying
* src/engine-gpg.c (gpg_decrypt): only send --no-keyring when we are
not verifying.
--
Without this change, the signature verification would fail. This
problem was introduced in bded8ebc59c7fdad2617f4c9232a58047656834c in
an attempt to avoid an error when *not* verifying. Clearly more test
suite coverage is needed to avoid introducing this sort of problem in
the future.
GnuPG-bug-id: 3464
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
| -rw-r--r-- | src/engine-gpg.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 5c335cb2..223404ed 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1717,12 +1717,15 @@ gpg_decrypt (void *engine, strlen (override_session_key), 1); if (!err) { - /* We add --no-keyring because a keyring is not required - * when we are overriding the session key. It would + /* When we are not trying to verify signatures as well, + * we add --no-keyring because a keyring is not required + * for decryption when overriding the session key. It would * work without that option but --no-keyring avoids that * gpg return a failure due to a missing key log_error() * diagnostic. --no-keyring is supported since 2.1.14. */ - err = add_arg (gpg, "--no-keyring"); + + if (!(flags & GPGME_DECRYPT_VERIFY)) + err = add_arg (gpg, "--no-keyring"); if (!err) err = add_arg (gpg, "--override-session-key-fd"); if (!err) |