From 4c0d4a4b35360dd73fdf9cdcc6cc9b93f8948210 Mon Sep 17 00:00:00 2001
From: Paul Arthur <paul.arthur@flowerysong.com>
Date: Wed, 2 Oct 2024 22:54:07 +0000
Subject: [PATCH] Correctly indicate no auth result in AAR

It is not valid to have no authentication results; if no message
authentication was performed the special value no-result
(`[CFWS] ";" [CFWS] "none"`) should be used.

https://github.com/trusteddomainproject/OpenARC/issues/174
---
 libopenarc/arc.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libopenarc/arc.c b/libopenarc/arc.c
index 1c6c9ded..e2622427 100644
--- a/libopenarc/arc.c
+++ b/libopenarc/arc.c
@@ -3213,8 +3213,12 @@ arc_getseal(ARC_MESSAGE *msg, ARC_HDRFIELD **seal, char *authservid,
 	arc_dstring_printf(dstr, "ARC-Authentication-Results:i=%u; %s",
 	                   msg->arc_nsets + 1,
 	                   msg->arc_authservid);
-	if (ar != NULL)
+	if (ar == NULL) {
+		/* no-result per RFC 8601 2.2 */
+		arc_dstring_printf(dstr, "; none");
+	} else {
 		arc_dstring_printf(dstr, "; %s", (char *) ar);
+	}
 
 	status = arc_parse_header_field(msg, arc_dstring_get(dstr),
 	                                arc_dstring_len(dstr), &h);