mirror of
https://kernel.googlesource.com/pub/scm/linux/kernel/git/tglx/remail.git
synced 2024-11-09 14:02:38 +01:00
remail/smime: Use certificate embedded in signature for verification
An open list does not have the certificate of senders and for signature verification there is no requirement to have the certificate on disk. Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
This commit is contained in:
parent
43a0b5cb47
commit
ea361f973c
1 changed files with 5 additions and 6 deletions
|
@ -106,16 +106,15 @@ class smime_crypt(object):
|
||||||
'''
|
'''
|
||||||
mfrom = get_raw_email_addr(msg['From'])
|
mfrom = get_raw_email_addr(msg['From'])
|
||||||
|
|
||||||
crt = os.path.join(self.config.list_certs, mfrom + '.crt')
|
p7_bio = BIO.MemoryBuffer(msg.as_bytes())
|
||||||
x509 = X509.load_cert(crt)
|
p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
|
||||||
sk = X509.X509_Stack()
|
|
||||||
sk.push(x509)
|
sk = p7.get0_signers(X509.X509_Stack())
|
||||||
|
|
||||||
self.smime.set_x509_stack(sk)
|
self.smime.set_x509_stack(sk)
|
||||||
store = X509.X509_Store()
|
store = X509.X509_Store()
|
||||||
store.load_info(self.config.ca_certs)
|
store.load_info(self.config.ca_certs)
|
||||||
self.smime.set_x509_store(store)
|
self.smime.set_x509_store(store)
|
||||||
p7_bio = BIO.MemoryBuffer(msg.as_bytes())
|
|
||||||
p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
|
|
||||||
|
|
||||||
msgout = self.smime.verify(p7, data, flags=self.ca_verify)
|
msgout = self.smime.verify(p7, data, flags=self.ca_verify)
|
||||||
msg_set_header(msg, 'Signature-Id', mfrom)
|
msg_set_header(msg, 'Signature-Id', mfrom)
|
||||||
|
|
Loading…
Reference in a new issue