caldav: handle shared calendar signature verification gracefully#8
Open
haurucknde wants to merge 1 commit intoacheong08:mainfrom
Open
caldav: handle shared calendar signature verification gracefully#8haurucknde wants to merge 1 commit intoacheong08:mainfrom
haurucknde wants to merge 1 commit intoacheong08:mainfrom
Conversation
When accessing shared calendars, event signature verification fails because the signer's key (the calendar owner) isn't always available in the reader's keyring. Previously this caused a fatal error that crashed the entire calendar query. Changes: - readEventCard: make SignatureError non-fatal (log warning, continue). The event data is still readable via E2E decryption; only the authorship signature can't be verified. - QueryCalendarObjects: skip individual events that fail to decode instead of aborting the entire query. This matches the resilient pattern already used elsewhere and prevents one bad event from blocking access to all others. Tested with a shared Proton Calendar (owner ≠ reader) — all events now load correctly where they previously caused "signature made by unknown entity" errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When accessing shared calendars via CalDAV, event signature verification fails because the signer's key (the calendar owner) isn't available in the reader's keyring. This causes two problems:
readEventCardreturns a fatal error onmd.SignatureError, crashing the entire requestQueryCalendarObjectsaborts on the first event that fails to decode, blocking access to all eventsThis PR makes both paths resilient:
readEventCard:SignatureErroris now non-fatal — logged as a warning but execution continues. The event data is still readable via E2E decryption; only the authorship signature can't be verified.QueryCalendarObjects: Individual events that fail to decode are skipped (with a log message) instead of aborting the entire query. This matches the resilient error-handling pattern and prevents one problematic event from blocking access to all others.Reproduction
signature made by unknown entityTesting
Tested with a real shared Proton Calendar (owner ≠ reader). All 13 events from the shared calendar now load correctly where they previously caused fatal errors. Read and write operations (PUT/DELETE) on the shared calendar also work as expected.
Changes
caldav/caldav.go: Addlogimportcaldav/caldav.goreadEventCard(): MakeSignatureErrornon-fatal (log + continue)caldav/caldav.goQueryCalendarObjects(): Skip failed events instead of returning error