mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-24 20:08:10 +01:00
tests: disable CRL checks from gpgsm
GPGME has a strange failure mode when it is in offline mode, and/or when certificates don't have any CRLs: in particular, it refuses to accept the validity of any certificate other than a "root" cert. This can be worked around by setting the `disable-crl-checks` configuration variable for gpgsm. I've reported this to the GPGME upstream at https://dev.gnupg.org/T4883, but I have no idea how it will be resolved. In the meantime, we'll just work around it. Note that this fixes the test for verification of id:smime-multipart-signed@protected-headers.example, because multipart/signed messages are already handled correctly (one-part PKCS#7 messages will get fixed later). Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
parent
b415ec06c3
commit
9055dfdae4
2 changed files with 2 additions and 2 deletions
|
@ -157,7 +157,7 @@ test_expect_equal "$output" id:protected-with-legacy-display@crypto.notmuchmail.
|
||||||
|
|
||||||
for variant in multipart-signed onepart-signed; do
|
for variant in multipart-signed onepart-signed; do
|
||||||
test_begin_subtest "verify signed PKCS#7 subject ($variant)"
|
test_begin_subtest "verify signed PKCS#7 subject ($variant)"
|
||||||
test_subtest_known_broken
|
[ "$variant" = multipart-signed ] || test_subtest_known_broken
|
||||||
output=$(notmuch show --verify --format=json "id:smime-${variant}@protected-headers.example")
|
output=$(notmuch show --verify --format=json "id:smime-${variant}@protected-headers.example")
|
||||||
test_json_nodes <<<"$output" \
|
test_json_nodes <<<"$output" \
|
||||||
'signed_subject:[0][0][0]["crypto"]["signed"]["headers"]=["Subject"]' \
|
'signed_subject:[0][0][0]["crypto"]["signed"]["headers"]=["Subject"]' \
|
||||||
|
|
|
@ -144,7 +144,7 @@ add_gpgsm_home ()
|
||||||
echo "$fpr S relax" >> "$GNUPGHOME/trustlist.txt"
|
echo "$fpr S relax" >> "$GNUPGHOME/trustlist.txt"
|
||||||
gpgsm --quiet --batch --no-tty --no-common-certs-import --disable-dirmngr --import < $NOTMUCH_SRCDIR/test/smime/ca.crt
|
gpgsm --quiet --batch --no-tty --no-common-certs-import --disable-dirmngr --import < $NOTMUCH_SRCDIR/test/smime/ca.crt
|
||||||
echo "4D:E0:FF:63:C0:E9:EC:01:29:11:C8:7A:EE:DA:3A:9A:7F:6E:C1:0D S" >> "$GNUPGHOME/trustlist.txt"
|
echo "4D:E0:FF:63:C0:E9:EC:01:29:11:C8:7A:EE:DA:3A:9A:7F:6E:C1:0D S" >> "$GNUPGHOME/trustlist.txt"
|
||||||
echo include-certs::1 | gpgconf --output /dev/null --change-options gpgsm
|
printf '%s::1\n' include-certs disable-crl-checks | gpgconf --output /dev/null --change-options gpgsm
|
||||||
gpgsm --batch --no-tty --no-common-certs-import --pinentry-mode=loopback --passphrase-fd 3 \
|
gpgsm --batch --no-tty --no-common-certs-import --pinentry-mode=loopback --passphrase-fd 3 \
|
||||||
--disable-dirmngr --import "$NOTMUCH_SRCDIR/test/smime/bob.p12" >>"$GNUPGHOME"/import.log 2>&1 3<<<''
|
--disable-dirmngr --import "$NOTMUCH_SRCDIR/test/smime/bob.p12" >>"$GNUPGHOME"/import.log 2>&1 3<<<''
|
||||||
test_debug "cat $GNUPGHOME/import.log"
|
test_debug "cat $GNUPGHOME/import.log"
|
||||||
|
|
Loading…
Reference in a new issue