diff options
| author | Milan Crha <mcrha@redhat.com> | 2023-05-02 16:53:51 +0200 |
|---|---|---|
| committer | Milan Crha <mcrha@redhat.com> | 2023-05-02 16:53:51 +0200 |
| commit | 0892c27bf4a91fb5c072f9e5a1fc082857e32c5b (patch) | |
| tree | 46ab2c551c03cf41dec7eeee8574fa57e62a2a6f | |
| parent | ee4425ff0a36f9e6c7b56f3c00f28e0e630bb88e (diff) | |
| download | evolution-data-server-0892c27bf4a91fb5c072f9e5a1fc082857e32c5b.tar.gz | |
I#474 - Camel: Set proper S/MIME signature verification status
Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/474
| -rw-r--r-- | src/camel/camel-smime-context.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/camel/camel-smime-context.c b/src/camel/camel-smime-context.c index 8e6739e30..e0eb82fa4 100644 --- a/src/camel/camel-smime-context.c +++ b/src/camel/camel-smime-context.c @@ -500,25 +500,31 @@ fail: } static const gchar * -sm_status_description (NSSCMSVerificationStatus status) +sm_status_description (NSSCMSVerificationStatus status, + CamelCipherValiditySign *out_sign_status) { /* could use this but then we can't control i18n? */ /*NSS_CMSUtil_VerificationStatusToString (status));*/ + *out_sign_status = CAMEL_CIPHER_VALIDITY_SIGN_BAD; + switch (status) { case NSSCMSVS_Unverified: default: /* Translators: A fallback message when couldn't verify an SMIME signature */ return _("Unverified"); case NSSCMSVS_GoodSignature: + *out_sign_status = CAMEL_CIPHER_VALIDITY_SIGN_GOOD; return _("Good signature"); case NSSCMSVS_BadSignature: return _("Bad signature"); case NSSCMSVS_DigestMismatch: return _("Content tampered with or altered in transit"); case NSSCMSVS_SigningCertNotFound: + *out_sign_status = CAMEL_CIPHER_VALIDITY_SIGN_NEED_PUBLIC_KEY; return _("Signing certificate not found"); case NSSCMSVS_SigningCertNotTrusted: + *out_sign_status = CAMEL_CIPHER_VALIDITY_SIGN_UNKNOWN; return _("Signing certificate not trusted"); case NSSCMSVS_SignatureAlgorithmUnknown: return _("Signature algorithm unknown"); @@ -551,12 +557,12 @@ sm_verify_cmsg (CamelCipherContext *context, PLArenaPool *poolp = NULL; CamelStream *mem; NSSCMSVerificationStatus status; + CamelCipherValiditySign sign_status = CAMEL_CIPHER_VALIDITY_SIGN_UNKNOWN; CamelCipherValidity *valid; GString *description; description = g_string_new (""); valid = camel_cipher_validity_new (); - camel_cipher_validity_set_valid (valid, TRUE); status = NSSCMSVS_Unverified; /* NB: this probably needs to go into a decoding routine that can be used for processing @@ -659,7 +665,7 @@ sm_verify_cmsg (CamelCipherContext *context, NSS_CMSSignedData_VerifySignerInfo (sigd, j, p->certdb, certUsageEmailSigner); status = NSS_CMSSignerInfo_GetVerificationStatus (si); - status_description = sm_status_description (status); + status_description = sm_status_description (status, &sign_status); #if defined (NSS_VMAJOR) && defined (NSS_VMINOR) && (NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 89)) if (status == NSSCMSVS_BadSignature) { @@ -719,9 +725,6 @@ sm_verify_cmsg (CamelCipherContext *context, PORT_Free (cn); if (em) PORT_Free (em); - - if (status != NSSCMSVS_GoodSignature) - camel_cipher_validity_set_valid (valid, FALSE); } } break; @@ -740,7 +743,7 @@ sm_verify_cmsg (CamelCipherContext *context, } } - camel_cipher_validity_set_valid (valid, camel_cipher_validity_get_valid (valid) && status == NSSCMSVS_GoodSignature); + valid->sign.status = sign_status; camel_cipher_validity_set_description (valid, description->str); g_string_free (description, TRUE); |