From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dkg@fifthhorseman.net>
Received: from localhost (localhost [127.0.0.1])
 by arlo.cworth.org (Postfix) with ESMTP id 37C3B6DE0E8C
 for <notmuch@notmuchmail.org>; Sat, 20 Apr 2019 10:03:11 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at cworth.org
X-Spam-Flag: NO
X-Spam-Score: -0.234
X-Spam-Level: 
X-Spam-Status: No, score=-0.234 tagged_above=-999 required=5
 tests=[AWL=-0.033, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001,
 SPF_PASS=-0.001] autolearn=disabled
Received: from arlo.cworth.org ([127.0.0.1])
 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id tcsw5wgd3i9W for <notmuch@notmuchmail.org>;
 Sat, 20 Apr 2019 10:03:10 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118])
 by arlo.cworth.org (Postfix) with ESMTPS id 39B426DE0E84
 for <notmuch@notmuchmail.org>; Sat, 20 Apr 2019 10:03:10 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; 
 d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; 
 s=2019; t=1555779787; h=from : to : subject : date : 
 message-id : mime-version : content-transfer-encoding : 
 from; bh=DWwTrdhL2zpIFMH7tZ4+lsCbAeAsjEFNlsP283KdSIw=; 
 b=NpgcFcknVYO+reOu28fexGj+h78ETZeE5CQTMdqyiKNOuN+76hPOdZ+V
 TMVBzGIGHm4vIpZ2vzUDP76qpEerBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; 
 i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1555779787; 
 h=from : to : subject : date : message-id : mime-version 
 : content-transfer-encoding : from; 
 bh=DWwTrdhL2zpIFMH7tZ4+lsCbAeAsjEFNlsP283KdSIw=; 
 b=3/VWSFHoKaBk9yMUi+GqSYcvnqEJymLCHFGnGcvu0+QzRcUUE6sE3HZG
 GjaruUGq6uFOGx7T3ECjMaWxhGSvexEF9/oKQYtZ33FEIuj+jug8MJM87o
 3+cXZ3YXXC06gLe+SzS23Sb62QSa9MiocWEK/oUCWA2qHx/oX3yCI4hy4T
 P8Ri5KmKsDv8SvXKRdaVkBDhS8y2lKepF5MwxBqNbADnliNnCCzABcPGTe
 FeE/5InxrnCJQLMGSXXk22vGOCC/9ssuorM68wi2PMQdNoO4EIaUZkRJ2j
 dSd9AkVJlTs1bdR/Yfe/kRejZjvSSvwlxLJLPXHARWtoD3JZEXcvbw==
Received: from fifthhorseman.net (unknown
 [IPv6:2001:470:1f07:60d:4864:1fff:fe17:5aa8])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by che.mayfirst.org (Postfix) with ESMTPSA id A8DE2F99D
 for <notmuch@notmuchmail.org>; Sat, 20 Apr 2019 13:03:05 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000)
 id 60B572040E; Sat, 20 Apr 2019 13:02:57 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH] crypto: Avoid pretending to verify signatures on unsigned
 encrypted mail
Date: Sat, 20 Apr 2019 13:02:57 -0400
Message-Id: <20190420170257.8189-1-dkg@fifthhorseman.net>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Use and development of the notmuch mail system."
 <notmuch.notmuchmail.org>
List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Apr 2019 17:03:11 -0000

Unsigned encrypted mail shows up with a weird empty signature list.
If we successfully decrypted and there was no signature in it, we
should just not show a sigstatus at all.

The documentation for g_mime_decrypt_result_get_signatures says:

    a GMimeSignatureList or NULL if the stream was not signed.
---
 mime-node.c         | 2 +-
 test/T350-crypto.sh | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

This was originally sent to the list as part of a longer patch series
in id:20180511055544.13676-3-dkg@fifthhorseman.net but i think it
stands alone, and it would help me to reduce the size of the
outstanding patch series to get it applied to master :)

diff --git a/mime-node.c b/mime-node.c
index 2a24e537..1bfb479b 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -218,12 +218,12 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
     }
 
     node->decrypt_success = true;
-    node->verify_attempted = true;
 
     if (decrypt_result) {
 	/* This may be NULL if the part is not signed. */
 	node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
 	if (node->sig_list) {
+	    node->verify_attempted = true;
 	    g_object_ref (node->sig_list);
 	    set_signature_list_destructor (node);
 	}
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index 73aa58de..80d57847 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -271,7 +271,6 @@ expected='[[[{"id": "XXXXX",
  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
  "body": [{"id": 1,
  "encstatus": [{"status": "good"}],
- "sigstatus": [],
  "content-type": "multipart/encrypted",
  "content": [{"id": 2,
  "content-type": "application/pgp-encrypted",
-- 
2.20.1