diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2017-12-08 15:09:46 -0500 |
---|---|---|
committer | David Bremner <david@tethera.net> | 2017-12-08 20:35:18 -0400 |
commit | cb855d8a9d24084d0965790782c1ce04b82aa9ca (patch) | |
tree | 9230c9a5b39989ebf0be0eb004f9ef4c525046fa /notmuch-show.c | |
parent | 83f266136369452b859393429b8530efac2e09fb (diff) |
crypto: signature verification reports valid User IDs
When i'm trying to understand a message signature, i care that i know
who it came from (the "validity" of the identity associated with the
key), *not* whether i'm willing to accept the keyholder's other
identity assertions (the "trust" associated with the certificate).
We've been reporting User ID information based on the "trust"
associated with the certificate, because GMime didn't clearly expose
the validity of the User IDs.
This change relies on fixes made in GMime 3.0.3 and later which
include https://github.com/jstedfast/gmime/pull/18.
Diffstat (limited to 'notmuch-show.c')
-rw-r--r-- | notmuch-show.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/notmuch-show.c b/notmuch-show.c index 74e77249..bb44d938 100644 --- a/notmuch-show.c +++ b/notmuch-show.c @@ -446,15 +446,11 @@ format_part_sigstatus_sprinter (sprinter_t *sp, mime_node_t *node) sp->map_key (sp, "expires"); sp->integer (sp, expires); } - /* output user id only if validity is FULL or ULTIMATE. */ - /* note that gmime is using the term "trust" here, which - * is WRONG. It's actually user id "validity". */ if (certificate) { - const char *name = g_mime_certificate_get_uid (certificate); - GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate); - if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)) { + const char *uid = g_mime_certificate_get_valid_userid (certificate); + if (uid) { sp->map_key (sp, "userid"); - sp->string (sp, name); + sp->string (sp, uid); } } } else if (certificate) { |