diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2020-03-19 00:15:08 -0400 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2020-04-30 18:02:38 -0300 |
| commit | 9055dfdae41ba762b12434fe678fc524ea3ed618 (patch) | |
| tree | edf22a4fd27817bdacaf7e88436acc7c36ccae2a /test/T356-protected-headers.sh | |
| parent | b415ec06c309974247d202c21a0f9f1b0d828f5d (diff) | |
tests: disable CRL checks from gpgsm
GPGME has a strange failure mode when it is in offline mode, and/or
when certificates don't have any CRLs: in particular, it refuses to
accept the validity of any certificate other than a "root" cert.
This can be worked around by setting the `disable-crl-checks`
configuration variable for gpgsm.
I've reported this to the GPGME upstream at
https://dev.gnupg.org/T4883, but I have no idea how it will be
resolved. In the meantime, we'll just work around it.
Note that this fixes the test for verification of
id:smime-multipart-signed@protected-headers.example, because
multipart/signed messages are already handled correctly (one-part
PKCS#7 messages will get fixed later).
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Diffstat (limited to 'test/T356-protected-headers.sh')
| -rwxr-xr-x | test/T356-protected-headers.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh index b7a83715..520cb71c 100755 --- a/test/T356-protected-headers.sh +++ b/test/T356-protected-headers.sh @@ -157,7 +157,7 @@ test_expect_equal "$output" id:protected-with-legacy-display@crypto.notmuchmail. for variant in multipart-signed onepart-signed; do test_begin_subtest "verify signed PKCS#7 subject ($variant)" - test_subtest_known_broken + [ "$variant" = multipart-signed ] || test_subtest_known_broken output=$(notmuch show --verify --format=json "id:smime-${variant}@protected-headers.example") test_json_nodes <<<"$output" \ 'signed_subject:[0][0][0]["crypto"]["signed"]["headers"]=["Subject"]' \ |