Merge pull request trusteddomainproject#167 from simplelists/previous…

…_sets Fix invalid ARC-Seal when email contains existing sets This fixes a bug whereby existing sets were not being included in a signature and thus the signature was invalid. This was only happening when Mode was undefined (default value) or only signing. This meant that the code to verify existing sets was never executed. This commit removes the check for running the previous-set verification function, to ensure that it is run regardless (if there are no previous sets then arc_canon_runheaders_seal() is basically a no-op anyway. trusteddomainproject#167
futatuki · Sep 16, 2024 · 7441ad2 · 7441ad2
2 parents 9720bb5 + 2093e7a
commit 7441ad2
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/libopenarc/arc.c b/libopenarc/arc.c
@@ -2916,8 +2916,8 @@ arc_eoh(ARC_MESSAGE *msg)
 		return ARC_STAT_SYNTAX;
 	}
 
-	if ((msg->arc_mode & ARC_MODE_VERIFY) != 0 &&
-	    msg->arc_cstate != ARC_CHAIN_FAIL)
+	/* need to verify previous sets even if running in sign mode */
+	if (msg->arc_cstate != ARC_CHAIN_FAIL)
 	{
 		status = arc_canon_runheaders_seal(msg);
 		if (status != ARC_STAT_OK)