revi-archive/remail
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/tglx/remail.git synced 2024-11-08 13:42:36 +01:00
Code Issues Projects Releases Packages Wiki Activity

remail/smime: Use certificate embedded in signature for verification

Browse source 
An open list does not have the certificate of senders and for signature
verification there is no requirement to have the certificate on disk.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
This commit is contained in:
Thomas Gleixner 2020-09-02 14:45:10 +02:00
parent 43a0b5cb47
commit ea361f973c
1 changed files with 5 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
remail/smime.py
View file

@ -106,16 +106,15 @@ class smime_crypt(object):
'''
mfrom = get_raw_email_addr(msg['From'])
crt = os.path.join(self.config.list_certs, mfrom + '.crt')
x509 = X509.load_cert(crt)
sk = X509.X509_Stack()
sk.push(x509)
p7_bio = BIO.MemoryBuffer(msg.as_bytes())
p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
sk = p7.get0_signers(X509.X509_Stack())
self.smime.set_x509_stack(sk)
store = X509.X509_Store()
store.load_info(self.config.ca_certs)
self.smime.set_x509_store(store)
p7_bio = BIO.MemoryBuffer(msg.as_bytes())
p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
msgout = self.smime.verify(p7, data, flags=self.ca_verify)
msg_set_header(msg, 'Signature-Id', mfrom)