From cd6fddc3a5f7ebc2cdf883e8bcb016045cdb0529 Mon Sep 17 00:00:00 2001
From: iequidoo <dgreshilov@gmail.com>
Date: Thu, 2 Apr 2026 16:29:46 -0300
Subject: [PATCH] feat: Ignore secured headers in signed-only messages

It was unclear why some `mimeparser` checks look at signatures for signed-only messages, e.g. when
deciding whether to remove secured headers such as "Secure-Join", and others don't do that. Better
don't look at signatures of signed-only messages at all, we don't want to process them in any
special way, they should follow the same code paths as usual unencrypted messages.
---
 src/mimeparser.rs | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/mimeparser.rs b/src/mimeparser.rs
index e57c31e10..57a1a9aa7 100644
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -24,6 +24,7 @@ use crate::context::Context;
 use crate::decrypt::{self, validate_detached_signature};
 use crate::dehtml::dehtml;
 use crate::download::PostMsgMetadata;
+use crate::ensure_and_debug_assert;
 use crate::events::EventType;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
 use crate::key::{self, DcKey, Fingerprint, SignedPublicKey};
@@ -517,6 +518,7 @@ impl MimeMessage {
         }
 
         let mut signatures = if let Some(ref decrypted_msg) = decrypted_msg {
+            ensure_and_debug_assert!(is_encrypted,);
             crate::pgp::valid_signature_fingerprints(decrypted_msg, &public_keyring)
         } else {
             HashMap::new()
@@ -525,11 +527,13 @@ impl MimeMessage {
         let mail = mail.as_ref().map(|mail| {
             let (content, signatures_detached) = validate_detached_signature(mail, &public_keyring)
                 .unwrap_or((mail, Default::default()));
-            let signatures_detached = signatures_detached
-                .into_iter()
-                .map(|fp| (fp, Vec::new()))
-                .collect::<HashMap<_, _>>();
-            signatures.extend(signatures_detached);
+            if is_encrypted {
+                let signatures_detached = signatures_detached
+                    .into_iter()
+                    .map(|fp| (fp, Vec::new()))
+                    .collect::<HashMap<_, _>>();
+                signatures.extend(signatures_detached);
+            }
             content
         });
 
@@ -613,9 +617,6 @@ impl MimeMessage {
         if signatures.is_empty() {
             Self::remove_secured_headers(&mut headers, &mut headers_removed, is_encrypted);
         }
-        if !is_encrypted {
-            signatures.clear();
-        }
 
         if let (Ok(mail), true) = (mail, is_encrypted)
             && let Some(post_msg_rfc724_mid) =