diff options
| author | Werner Koch <wk@gnupg.org> | 2019-03-26 13:31:06 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2019-03-26 13:31:06 +0100 |
| commit | aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad (patch) | |
| tree | b9e6e038bef37796e4e826b61a15e29d391a416d /sm | |
| parent | agent: Allow other ssh fingerprint algos in KEYINFO. (diff) | |
| download | gnupg2-aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad.tar.xz gnupg2-aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad.zip | |
sm: Allow decryption even if expired other keys are configured.
* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
mode.
--
The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to
a decryption command. With that patch the errors are printed but
decryption continues and the process returns success unless other
errors occur.
GnuPG-bug-id: 4431
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'sm')
| -rw-r--r-- | sm/gpgsm.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 70964512c..020072a50 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1742,6 +1742,8 @@ main ( int argc, char **argv) if (!do_not_setup_keys) { + int errcount = log_get_errorcount (0); + for (sl = locusr; sl ; sl = sl->next) { int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0); @@ -1770,6 +1772,15 @@ main ( int argc, char **argv) if ((sl->flags & 1)) do_add_recipient (&ctrl, sl->d, &recplist, 1, recp_required); } + + /* We do not require a recipient for decryption but because + * recipients and signers are always checked and log_error is + * sometimes used (for failed signing keys or due to a failed + * CRL checking) that would have bumbed up the error counter. + * We clear the counter in the decryption case because there is + * no reason to force decryption to fail. */ + if (cmd == aDecrypt && !errcount) + log_get_errorcount (1); /* clear counter */ } if (log_get_errorcount(0)) |