1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
From: Werner Koch <wk@gnupg.org>
Date: Tue, 26 Mar 2019 13:31:06 +0100
Subject: sm: Allow decryption even if expired other keys are configured.
* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
mode.
--
The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to
a decryption command. With that patch the errors are printed but
decryption continues and the process returns success unless other
errors occur.
GnuPG-bug-id: 4431
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 30972d21824264aef2088d30b4f2e5ce3aca889e)
---
sm/gpgsm.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 52f26e2..598caa2 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1732,6 +1732,8 @@ main ( int argc, char **argv)
if (!do_not_setup_keys)
{
+ int errcount = log_get_errorcount (0);
+
for (sl = locusr; sl ; sl = sl->next)
{
int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0);
@@ -1760,6 +1762,15 @@ main ( int argc, char **argv)
if ((sl->flags & 1))
do_add_recipient (&ctrl, sl->d, &recplist, 1, recp_required);
}
+
+ /* We do not require a recipient for decryption but because
+ * recipients and signers are always checked and log_error is
+ * sometimes used (for failed signing keys or due to a failed
+ * CRL checking) that would have bumbed up the error counter.
+ * We clear the counter in the decryption case because there is
+ * no reason to force decryption to fail. */
+ if (cmd == aDecrypt && !errcount)
+ log_get_errorcount (1); /* clear counter */
}
if (log_get_errorcount(0))
|
