| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2017-12-08 15:09:46 -0500 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2017-12-08 20:35:18 -0400 |
| commit | cb855d8a9d24084d0965790782c1ce04b82aa9ca (patch) | |
| tree | 9230c9a5b39989ebf0be0eb004f9ef4c525046fa /util/gmime-extra.c | |
| parent | 83f266136369452b859393429b8530efac2e09fb (diff) | |
crypto: signature verification reports valid User IDs
When i'm trying to understand a message signature, i care that i know
who it came from (the "validity" of the identity associated with the
key), *not* whether i'm willing to accept the keyholder's other
identity assertions (the "trust" associated with the certificate).
We've been reporting User ID information based on the "trust"
associated with the certificate, because GMime didn't clearly expose
the validity of the User IDs.
This change relies on fixes made in GMime 3.0.3 and later which
include https://github.com/jstedfast/gmime/pull/18.
Diffstat (limited to 'util/gmime-extra.c')
| -rw-r--r-- | util/gmime-extra.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/util/gmime-extra.c b/util/gmime-extra.c
index 901d4d56..bc1e3c4d 100644
--- a/util/gmime-extra.c
+++ b/util/gmime-extra.c
@@ -33,6 +33,21 @@ g_string_talloc_strdup (void *ctx, char *g_string)
 #if (GMIME_MAJOR_VERSION < 3)
+const char *
+g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
+{
+ /* output user id only if validity is FULL or ULTIMATE. */
+ /* note that gmime 2.6 is using the term "trust" here, which
+ * is WRONG. It's actually user id "validity". */
+ const char *name = g_mime_certificate_get_name (cert);
+ if (name == NULL)
+ return name;
+ GMimeCertificateTrust trust = g_mime_certificate_get_trust (cert);
+ if (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)
+ return name;
+ return NULL;
+}
+
 char *
 g_mime_message_get_address_string (GMimeMessage *message, GMimeRecipientType type)
 {
@@ -107,6 +122,19 @@ g_mime_utils_header_decode_date_unix (const char *date) {
 #else /* GMime >= 3.0 */
+const char *
+g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
+{
+ /* output user id only if validity is FULL or ULTIMATE. */
+ const char *uid = g_mime_certificate_get_user_id (cert);
+ if (uid == NULL)
+ return uid;
+ GMimeValidity validity = g_mime_certificate_get_id_validity (cert);
+ if (validity == GMIME_VALIDITY_FULL || validity == GMIME_VALIDITY_ULTIMATE)
+ return uid;
+ return NULL;
+}
+
 const char*
 g_mime_certificate_get_fpr16 (GMimeCertificate *cert) {
 const char *fpr = g_mime_certificate_get_fingerprint (cert); |
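Review bot: The GMime 2.6 variant of `g_mime_certificate_get_valid_userid` returns the result of `g_mime_certificate_get_name()`, while the GMime 3 variant in the second hunk returns `g_mime_certificate_get_user_id()`. The same function name therefore presumably yields a differently shaped string depending on the build. In both variants a NULL return conflates "certificate carries no identity" with "identity present but not FULL/ULTIMATE", so a caller cannot tell an unverified signer from a missing one. A contract comment above the definition would make this explicit, for example `/* Returns the signer identity (name on GMime 2.6, full User ID on GMime 3) only when its validity is FULL or ULTIMATE; NULL otherwise, including when no identity is present. */`. The early `return name;` would also read more clearly as `return NULL;`.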
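Review bot: Nothing in this `#else /* GMime >= 3.0 */` branch enforces the GMime 3.0.3 minimum that the commit message says the change relies on; the branch is selected by `GMIME_MAJOR_VERSION` alone. The page shows only util/gmime-extra.c, so the minimum may already be raised in the build configuration. If it is not, a build against 3.0.0–3.0.2 would either fail on `g_mime_certificate_get_id_validity` or, worse, report identities without the upstream fix. Because this value decides whether a signer identity is shown as valid, a local compile-time guard is cheap insurance: `#if !GMIME_CHECK_VERSION(3, 0, 3)` followed by `#error "User ID validity requires GMime >= 3.0.3"` and `#endif`.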
