sm: Allow decryption even if expired other keys are configured.

* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
mode.
--

The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to
a decryption command.  With that patch the errors are printed but
decryption continues and the process returns success unless other
errors occur.

GnuPG-bug-id: 4431
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 30972d21824264aef2088d30b4f2e5ce3aca889e)

Gbp-Pq: Topic from-2.2.15
Gbp-Pq: Name sm-Allow-decryption-even-if-expired-other-keys-are-config.patch

diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 52f26e21d2dc8ce5154701129e51b6f70f856a66..598caa2bf01a918cc89a0e72c087f569f770d7a1 100644 (file)
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1732,6 +1732,8 @@ main ( int argc, char **argv)
 
   if (!do_not_setup_keys)
     {
+      int errcount = log_get_errorcount (0);
+
       for (sl = locusr; sl ; sl = sl->next)
         {
           int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0);
@@ -1760,6 +1762,15 @@ main ( int argc, char **argv)
             if ((sl->flags & 1))
               do_add_recipient (&ctrl, sl->d, &recplist, 1, recp_required);
         }
+
+      /* We do not require a recipient for decryption but because
+       * recipients and signers are always checked and log_error is
+       * sometimes used (for failed signing keys or due to a failed
+       * CRL checking) that would have bumbed up the error counter.
+       * We clear the counter in the decryption case because there is
+       * no reason to force decryption to fail. */
+      if (cmd == aDecrypt && !errcount)
+        log_get_errorcount (1); /* clear counter */
     }
 
   if (log_get_errorcount(0))