The verify_after_sign setting was not running prior to #1638, which "fixed" it to run. There was a problem discovered in the implementation in that it stops on the first validation error, even in the case that you attest to an ingredient's validation error. Thus, this setting was disabled by default in #1746.
There is also an additional edge case documented in #1704 when signing with the "application/c2pa" format.
The issue originates here:
|
let verify_after_sign = settings.verify.verify_after_sign; |
|
// Also catch the case where we may have written to io::empty() or similar |
|
if verify_after_sign && output_stream.seek(SeekFrom::End(0))? > 0 { |
|
// verify the store |
|
let mut validation_log = |
|
StatusTracker::with_error_behavior(ErrorBehavior::StopOnFirstError); |
|
if _sync { |
|
Store::verify_store( |
|
self, |
|
&mut crate::claim::ClaimAssetData::Stream(output_stream, format), |
|
&mut validation_log, |
|
context, |
|
)?; |
|
} else { |
|
Store::verify_store_async( |
|
self, |
|
&mut crate::claim::ClaimAssetData::Stream(output_stream, format), |
|
&mut validation_log, |
|
context, |
|
) |
|
.await?; |
|
} |
|
} |
The
verify_after_signsetting was not running prior to #1638, which "fixed" it to run. There was a problem discovered in the implementation in that it stops on the first validation error, even in the case that you attest to an ingredient's validation error. Thus, this setting was disabled by default in #1746.There is also an additional edge case documented in #1704 when signing with the "application/c2pa" format.
The issue originates here:
c2pa-rs/sdk/src/store.rs
Lines 3057 to 3079 in 262b7b3