Gnus development mailing list
 help / color / mirror / Atom feed
From: Dave Goldberg <david.goldberg6@verizon.net>
To: ding@gnus.org
Subject: Bug#6654
Date: Mon, 26 Jul 2010 18:10:03 -0400	[thread overview]
Message-ID: <841vap6gjo.fsf@davestoy.home> (raw)

I updated today and was excited to see the ChangeLog entry referring
to the subject bug report, about the inability to encrypt to multiple
recipients using s/mime.  I've posted here about that before (which I
mistakenly thought was the same as submitting a bug report) and I've
long had a workaround for it, which I'm pretty sure I've posted here
as well, and am glad to no longer need it.

Well mostly.  With the fix, I am indeed now able to use
mml-secure-encrypt-smime and the resulting #secure tag rather than
manually building a multipart.  However, by default I am prompted not
only to provide a key (or rather tell Gnus where to look) but also
have to manually figure out which recipient's key I need to specify
for each prompt.  For a short list, that's not horrible, but for a
long one, which is something I often have to deal with at work, it's
not hard to miss someone and end up messing up the encryption for
subsequent users on the list.  This is a problem I solved as part of
my workaround, which parses the To: Cc: and Gcc: headers to come up
with the list of recipients and fill in the certfile tags based on
that (the Gcc check just results in a call for my personal key if Gcc
exists)

I notice in mml-smime.el a couple of relevant functions with this comment

  ;; todo: deal with comma separated multiple recipients

so I'm hoping that my code proves useful toward that end.  As written
it's tied too closely to a personal cert caching setup I have, which
in turn is tied to how PKI is done at work, so I can't offer it as a
patch, at least not now.  It's also only been tested on XEmacs 21.4.
However it does fit the structure of the current mml-smime code in
that it integrates via mml-encrypt-alist.

So with that here is the code.

(setq mml-encrypt-alist
      '(("smime" mml-smime-encrypt-buffer dsg-message-make-cert-tags)))

(defun dsg-message-make-cert-tags ()
  (let ((certlist
	 (mapcar 'cadr (mail-extract-address-components
			(concat (message-fetch-field "to") ","
				(message-fetch-field "cc")) t)))
	(gcc-key (if (message-fetch-field "gcc")
		     (cadar smime-keys)))
	certtags)
    (while certlist
      (setq certtags (append certtags (list 'certfile (dsg-get-address-cert
						       (car certlist)))))
      (setq certlist (cdr certlist)))
    (append certtags (list 'certfile gcc-key))))

(defun dsg-get-address-cert (ADDRESS)
  ;; return expected certificate file name.  If non-existent, attempt
  ;; to get it from LDAP.  
  (let* ((mailaddr (downcase ADDRESS))
	 (certfilename
	  (concat
	   (expand-file-name mailaddr smime-certificate-directory) ".pem"))
	 (certbuf  (smime-cert-by-ldap mailaddr)))
    (cond ((not (or (file-exists-p certfilename) certbuf))
	   (error "No certificate available for %s" mailaddr))
	  ((and certbuf (not (file-exists-p certfilename)))
	   (save-excursion
	     (set-buffer certbuf)
	     (write-file certfilename))
	   (kill-buffer certbuf)
	   certfilename)
	  (certbuf
	   (if (get-buffer dsg-cert-buffer)
	       (progn
		 (save-excursion
		   (set-buffer (get-buffer-create dsg-cert-history))
		   (goto-char (point-max))
		   (insert-buffer dsg-cert-buffer))
		 (erase-buffer dsg-cert-buffer)))
	   (dsg-verify-cert certfilename)
	   (save-window-excursion
	     (set-buffer dsg-cert-buffer)
	     (goto-char (point-min))
	     (if (looking-at ".*OK$\\|^$")
		 certfilename
	       (delete-file certfilename)
	       (save-excursion
		 (set-buffer certbuf)
		 (write-file certfilename)))
	     (kill-buffer certbuf)
	     certfilename))
	  (t certfilename))))

(defun dsg-verify-cert (PEM)
  "Verify the certificate stored in PEM"
  (interactive (list (read-file-name "Cert file: "
				     smime-certificate-directory)))
  (let ((buffer (get-buffer-create dsg-cert-buffer)))
    (save-excursion
      (if (fboundp 'set-buffer-file-coding-system)
	  (set-buffer-file-coding-system 'binary))
      (set-buffer buffer)
      (goto-char (point-max))
      (call-process "openssl" nil t t
		    "verify" "-CApath" smime-CA-directory
		    (expand-file-name PEM))
      (recenter -1 (get-buffer-window buffer)))
    (display-buffer buffer)
    (shrink-window-if-larger-than-buffer (get-buffer-window buffer))))

-- 
Dave Goldberg
david.goldberg6@verizon.net



             reply	other threads:[~2010-07-26 22:10 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-07-26 22:10 Dave Goldberg [this message]
2010-07-27  4:19 ` Bug#6654 Daiki Ueno
2010-07-27  7:26   ` Bug#6654 David Engster
2010-07-28  1:38     ` Bug#6654 Dave Goldberg
2010-07-28  5:35       ` gpgsm for S/MIME (was Re: Bug#6654) David Engster

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=841vap6gjo.fsf@davestoy.home \
    --to=david.goldberg6@verizon.net \
    --cc=ding@gnus.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).