config: Introduce an enabled flag for S/MIME

This allows setups where there is no S/MIME. In some scenarios using just
GPG is fine and S/MIME might even be discouraged. Previously this required
providing a dummy S/MIME key just to make remail happy. With this new flag
there is no need for that key if S/MIME is not required for the list.

Signed-off-by: Andreas Rammhold <andreas@rammhold.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Andreas Rammhold 2020-03-02 17:11:38 +01:00 committed by Thomas Gleixner
parent bc2b62bdda
commit 8e6e7c2cc5
4 changed files with 18 additions and 6 deletions


@ -13,6 +13,8 @@ use_smtp: True
# S/MIME # S/MIME
smime: smime:
# Enable S/MIME
enabled: True
# Verify CA certs. Only disable for troubleshooting # Verify CA certs. Only disable for troubleshooting
verify: True verify: True


@ -186,9 +186,14 @@ S/MIME options:
.. code-block:: yaml .. code-block:: yaml
smime: smime:
enabled: True
verify: True verify: True
sign: True sign: True
enabled:
Enable S/MIME processing. If this option is set to False then no attempts
are made to process S/MIME mails or keys.
verify: verify:
When handling S/MIME encrypted mail then the validity of the senders key When handling S/MIME encrypted mail then the validity of the senders key


@ -189,6 +189,7 @@ class archive_config(object):
print('%*s%-40s: %s' % (indent, '', 'plain_list', self.m_list)) print('%*s%-40s: %s' % (indent, '', 'plain_list', self.m_list))
smime_defaults = { smime_defaults = {
'enabled' : True,
'verify' : True, 'verify' : True,
'sign' : True, 'sign' : True,
} }


@ -35,6 +35,8 @@ class maillist(object):
self.enabled = listcfg.enabled self.enabled = listcfg.enabled
self.use_smtp = use_smtp self.use_smtp = use_smtp
self.smime = None
if self.config.smime.enabled:
self.smime = smime_crypt(self.config.smime, self.config.listaccount) self.smime = smime_crypt(self.config.smime, self.config.listaccount)
self.gpg = gpg_crypt(self.config.gpg, self.config.listaccount) self.gpg = gpg_crypt(self.config.gpg, self.config.listaccount)
@ -72,7 +74,7 @@ class maillist(object):
Encrypt plain text message for the account Encrypt plain text message for the account
''' '''
msg = msg_from_string(msg_plain.as_string()) msg = msg_from_string(msg_plain.as_string())
if account.use_smime: if self.smime and account.use_smime:
self.smime.encrypt(msg, account) self.smime.encrypt(msg, account)
else: else:
self.gpg.encrypt(msg, account) self.gpg.encrypt(msg, account)
@ -143,6 +145,8 @@ class maillist(object):
''' '''
msg_sanitize_incoming(msg) msg_sanitize_incoming(msg)
msg_plain = None
if self.smime:
msg_plain = self.smime.decrypt(msg) msg_plain = self.smime.decrypt(msg)
if not msg_plain: if not msg_plain:
msg_plain = self.gpg.decrypt(msg) msg_plain = self.gpg.decrypt(msg)
@ -303,10 +307,10 @@ class maillist(object):
for account in self.config.subscribers.values(): for account in self.config.subscribers.values():
if not account.enabled: if not account.enabled:
continue continue
if not account.use_smime: if account.use_smime and self.smime:
self.gpg.check_key(account)
else:
self.smime.check_cert(account) self.smime.check_cert(account)
else:
self.gpg.check_key(account)
class maillist_checker(object): class maillist_checker(object):
''' '''
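Review bot: In the encrypt hunk (`@ -72,7 +74,7`) the new condition `if self.smime and account.use_smime:` sends a subscriber configured with `use_smime` to `self.gpg.encrypt(msg, account)` whenever S/MIME is disabled for the list, so a configuration mismatch is not reported as one. What happens next depends on `gpg_crypt.encrypt`, which is not visible here; presumably it fails on a missing GPG key, with an error that points away from the real cause. The same fallback is in the key-check loop at `@ -303,10 +307,10`, where `self.gpg.check_key(account)` now runs for such an account. I would reject the combination explicitly, for example with a guard `if account.use_smime and not self.smime:` that raises the project's configuration error before either branch, or with the equivalent check when the subscriber list is loaded. Both function bodies start outside their hunks.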