remail/smime: Use certificate embedded in signature for verification

An open list does not have the certificate of senders and for signature
verification there is no requirement to have the certificate on disk.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Thomas Gleixner 2020-09-02 14:45:10 +02:00
parent 43a0b5cb47
commit ea361f973c


@ -106,16 +106,15 @@ class smime_crypt(object):
''' '''
mfrom = get_raw_email_addr(msg['From']) mfrom = get_raw_email_addr(msg['From'])
crt = os.path.join(self.config.list_certs, mfrom + '.crt') p7_bio = BIO.MemoryBuffer(msg.as_bytes())
x509 = X509.load_cert(crt) p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
sk = X509.X509_Stack()
sk.push(x509) sk = p7.get0_signers(X509.X509_Stack())
self.smime.set_x509_stack(sk) self.smime.set_x509_stack(sk)
store = X509.X509_Store() store = X509.X509_Store()
store.load_info(self.config.ca_certs) store.load_info(self.config.ca_certs)
self.smime.set_x509_store(store) self.smime.set_x509_store(store)
p7_bio = BIO.MemoryBuffer(msg.as_bytes())
p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
msgout = self.smime.verify(p7, data, flags=self.ca_verify) msgout = self.smime.verify(p7, data, flags=self.ca_verify)
msg_set_header(msg, 'Signature-Id', mfrom) msg_set_header(msg, 'Signature-Id', mfrom)
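Review bot: `msg_set_header(msg, 'Signature-Id', mfrom)` still records the From address as the signer identity, but with `sk = p7.get0_signers(X509.X509_Stack())` nothing in the new code ties that address to the certificate that actually signed the message. The old path enforced the binding implicitly by loading `mfrom + '.crt'`; now any certificate that passes `self.smime.verify(...)` against `ca_certs` is accepted for any From header. After verification, compare the e-mail address carried in each signer certificate (subjectAltName rfc822Name, or the subject's emailAddress) with `mfrom`, and reject the message or omit the header on mismatch. At minimum add a comment above the header line such as `# NOTE: mfrom is taken from the From header, not from the verified signer certificate`. The value of `self.ca_verify` is not visible in this hunk; if it can disable chain verification, an embedded self-signed certificate would pass as well, so that case deserves a check too. The method's signature and the rest of its body lie outside the hunk.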