From ea361f973c42a7514cc8c1562f6ffa717867bce6 Mon Sep 17 00:00:00 2001
From: Thomas Gleixner
Date: Wed, 2 Sep 2020 14:45:10 +0200
Subject: [PATCH] remail/smime: Use certificate embedded in signature for verification

An open list does not have the certificate of senders and for signature verification there is no requirement to have the certificate on disk.

Signed-off-by: Thomas Gleixner
---
 remail/smime.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/remail/smime.py b/remail/smime.py
index 840f736..fd9e60c 100644
--- a/remail/smime.py
+++ b/remail/smime.py
@@ -106,16 +106,15 @@ class smime_crypt(object):
 '''
 mfrom = get_raw_email_addr(msg['From'])
- crt = os.path.join(self.config.list_certs, mfrom + '.crt')
- x509 = X509.load_cert(crt)
- sk = X509.X509_Stack()
- sk.push(x509)
+ p7_bio = BIO.MemoryBuffer(msg.as_bytes())
+ p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
+
+ sk = p7.get0_signers(X509.X509_Stack())
+ self.smime.set_x509_stack(sk)
 store = X509.X509_Store()
 store.load_info(self.config.ca_certs)
 self.smime.set_x509_store(store)
- p7_bio = BIO.MemoryBuffer(msg.as_bytes())
- p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
 msgout = self.smime.verify(p7, data, flags=self.ca_verify)
 msg_set_header(msg, 'Signature-Id', mfrom)
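Review bot: Nothing in the new code ties the verified signer to the address written into `Signature-Id`: `sk` is now filled from `p7.get0_signers(...)`, that is from certificates carried inside the message, while `mfrom` still comes from the `From` header. The removed lines loaded `<mfrom>.crt`, which implicitly bound the signature to that sender; now any certificate that passes `self.smime.verify` is accepted for any `From` value. `self.ca_verify` is defined outside the hunk, so if it can switch off chain validation, a self-signed embedded certificate would presumably pass as well. I would compare the e-mail address in each signer certificate (subjectAltName rfc822Name or the subject's emailAddress) with `mfrom` after `verify()` and reject on mismatch, documented in place with `# signer certs come from the message; match their e-mail address against mfrom before setting Signature-Id`. The method starts above the hunk, so an existing check there is not visible from here.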