sm: Allow decryption even if expired other keys are configured.

* sm/gpgsm.c (main): Add special handling for bad keys in decrypt mode. -- The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to a decryption command. With that patch the errors are printed but decryption continues and the process returns success unless other errors occur. GnuPG-bug-id: 4431 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-26 13:31:06 +01:00 · 2019-03-26 13:31:06 +01:00 · 30972d2182
parent 1c2fa8b6d7
commit 30972d2182
1 changed files with 11 additions and 0 deletions
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -1736,6 +1736,8 @@ main ( int argc, char **argv)

  if (!do_not_setup_keys)
    {
+      int errcount = log_get_errorcount (0);
+
      for (sl = locusr; sl ; sl = sl->next)
        {
          int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0);
@ -1764,6 +1766,15 @@ main ( int argc, char **argv)
            if ((sl->flags & 1))
              do_add_recipient (&ctrl, sl->d, &recplist, 1, recp_required);
        }
+
+      /* We do not require a recipient for decryption but because
+       * recipients and signers are always checked and log_error is
+       * sometimes used (for failed signing keys or due to a failed
+       * CRL checking) that would have bumbed up the error counter.
+       * We clear the counter in the decryption case because there is
+       * no reason to force decryption to fail. */
+      if (cmd == aDecrypt && !errcount)
+        log_get_errorcount (1); /* clear counter */
    }

  if (log_get_errorcount(0))