From: Dave Goldberg
Newsgroups: gmane.emacs.gnus.general
Subject: Bug#6654
Date: Mon, 26 Jul 2010 18:10:03 -0400
Message-ID: <841vap6gjo.fsf@davestoy.home>
To: ding@gnus.org
User-Agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.4.22 (linux)

I updated today and was excited to see the ChangeLog entry referring to the subject bug report, about the inability to encrypt to multiple recipients using s/mime. I've posted here about that before (which I mistakenly thought was the same as submitting a bug report) and I've long had a workaround for it, which I'm pretty sure I've posted here as well, and am glad to no longer need it.

Well, mostly. With the fix, I am indeed now able to use mml-secure-encrypt-smime and the resulting #secure tag rather than manually building a multipart. However, by default I am prompted not only to provide a key (or rather tell Gnus where to look) but also have to manually figure out which recipient's key I need to specify for each prompt. For a short list, that's not horrible, but for a long one, which is something I often have to deal with at work, it's not hard to miss someone and end up messing up the encryption for subsequent users on the list.

This is a problem I solved as part of my workaround, which parses the To:, Cc: and Gcc: headers to come up with the list of recipients and fill in the certfile tags based on that (the Gcc check just results in a call for my personal key if Gcc exists).

I notice in mml-smime.el a couple of relevant functions with this comment

  ;; todo: deal with comma separated multiple recipients

so I'm hoping that my code proves useful toward that end. As written it's tied too closely to a personal cert caching setup I have, which in turn is tied to how PKI is done at work, so I can't offer it as a patch, at least not now. It's also only been tested on XEmacs 21.4. However it does fit the structure of the current mml-smime code in that it integrates via mml-encrypt-alist.

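So with that here is the code.

(require 'message)    ; message-fetch-field
(require 'mail-extr)  ; mail-extract-address-components
(require 'smime)      ; smime-keys, smime-cert-by-ldap, smime-*-directory
(require 'mml-sec)    ; mml-encrypt-alist

;; Used below but not defined in the original post; these buffer names
;; are placeholders.
(defvar dsg-cert-buffer "*dsg-cert*")
(defvar dsg-cert-history "*dsg-cert-history*")

(setq mml-encrypt-alist
      '(("smime" mml-smime-encrypt-buffer dsg-message-make-cert-tags)))

(defun dsg-message-make-cert-tags ()
  "Return a list of certfile tags, one per To:/Cc: recipient.
If a Gcc: header exists, add the first key in `smime-keys' as well."
  (let ((certlist (mapcar 'cadr
                          (mail-extract-address-components
                           (concat (message-fetch-field "to") ","
                                   (message-fetch-field "cc"))
                           t)))
        (gcc-key (if (message-fetch-field "gcc")
                     (cadar smime-keys)))
        certtags)
    (while certlist
      (setq certtags (append certtags
                             (list 'certfile
                                   (dsg-get-address-cert (car certlist)))))
      (setq certlist (cdr certlist)))
    ;; Only add the personal key when there is one; without a Gcc: header
    ;; gcc-key is nil and would produce an empty certfile tag.
    (if gcc-key
        (append certtags (list 'certfile gcc-key))
      certtags)))

(defun dsg-get-address-cert (address)
  "Return the expected certificate file name for ADDRESS.
If non-existent, attempt to get it from LDAP."
  (let* ((mailaddr (downcase address))
         (certfilename (concat (expand-file-name mailaddr
                                                 smime-certificate-directory)
                               ".pem"))
         (certbuf (smime-cert-by-ldap mailaddr)))
    (cond
     ;; Neither a cached file nor an LDAP result: give up.
     ((not (or (file-exists-p certfilename) certbuf))
      (error "No certificate available for %s" mailaddr))
     ;; LDAP result but no cached file: cache it.
     ((and certbuf (not (file-exists-p certfilename)))
      (save-excursion
        (set-buffer certbuf)
        (write-file certfilename))
      (kill-buffer certbuf)
      certfilename)
     ;; Both exist: verify the cached file and replace it with the LDAP
     ;; copy if verification fails.
     (certbuf
      (if (get-buffer dsg-cert-buffer)
          (progn
            ;; Move previous verification output to the history buffer.
            (save-excursion
              (set-buffer (get-buffer-create dsg-cert-history))
              (goto-char (point-max))
              (insert-buffer dsg-cert-buffer))
            ;; XEmacs: `erase-buffer' accepts a BUFFER argument.
            (erase-buffer dsg-cert-buffer)))
      (dsg-verify-cert certfilename)
      (save-window-excursion
        (set-buffer dsg-cert-buffer)
        (goto-char (point-min))
        ;; Keep the cached file if the first output line ends in "OK"
        ;; or is empty.
        (if (looking-at ".*OK$\\|^$")
            certfilename
          (delete-file certfilename)
          (save-excursion
            (set-buffer certbuf)
            (write-file certfilename)))
        (kill-buffer certbuf)
        certfilename))
     ;; Cached file only.
     (t certfilename))))

(defun dsg-verify-cert (pem)
  "Verify the certificate stored in PEM."
  (interactive (list (read-file-name "Cert file: "
                                     smime-certificate-directory)))
  (let ((buffer (get-buffer-create dsg-cert-buffer)))
    (save-excursion
      ;; Select the output buffer first so the coding system is set on
      ;; it and not on the buffer that happened to be current.
      (set-buffer buffer)
      (if (fboundp 'set-buffer-file-coding-system)
          (set-buffer-file-coding-system 'binary))
      (goto-char (point-max))
      (call-process "openssl" nil t t "verify" "-CApath"
                    smime-CA-directory (expand-file-name pem))
      ;; XEmacs: `recenter' accepts a WINDOW argument.
      (recenter -1 (get-buffer-window buffer)))
    (display-buffer buffer)
    (shrink-window-if-larger-than-buffer (get-buffer-window buffer))))

-- 
Dave Goldberg
david.goldberg6@verizon.net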
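
An added example, not part of the original post and not Gnus code: a pre-send check for the failure described above, where one recipient on a long list ends up without a certificate. It assumes smime-certificate-directory holds <address>.pem files as in the post, that smime-CA-directory is set, that openssl is on the PATH, and that it runs in the message composition buffer; the example- function names are hypothetical.

```elisp
;; Added example: the example- names are hypothetical, everything else
;; comes from message.el, mail-extr.el and smime.el.
(require 'message)
(require 'mail-extr)
(require 'smime)

(defun example-smime-cert-ok-p (certfile)
  "Return t only if `openssl verify' accepts CERTFILE.
Both a zero exit status and an explicit \": OK\" line are required, so
empty output or a failed run counts as a verification failure."
  (with-temp-buffer
    (let ((status (call-process "openssl" nil t nil "verify" "-CApath"
                                (expand-file-name smime-CA-directory)
                                (expand-file-name certfile))))
      (goto-char (point-min))
      (and (eq status 0)
           (re-search-forward ": OK$" nil t)
           t))))

(defun example-smime-recipient-problems ()
  "Return a list of (ADDRESS . REASON) for To:/Cc: recipients without a usable cert.
Return nil when every recipient has a cached certificate that verifies."
  (let ((addresses
         (save-excursion
           (save-restriction
             (message-narrow-to-headers)
             (delq nil
                   (mapcar #'cadr
                           (mail-extract-address-components
                            (concat (message-fetch-field "to") ","
                                    (message-fetch-field "cc"))
                            t))))))
        problems)
    (dolist (addr addresses (nreverse problems))
      (let ((file (concat (expand-file-name (downcase addr)
                                            smime-certificate-directory)
                          ".pem")))
        (cond ((not (file-exists-p file))
               (push (cons addr "no cached certificate") problems))
              ((not (example-smime-cert-ok-p file))
               (push (cons addr "openssl verify failed") problems)))))))

(defun example-smime-check-recipients ()
  "Signal an error naming every recipient that cannot be encrypted to."
  (let ((problems (example-smime-recipient-problems)))
    (if problems
        (error "S/MIME recipients not covered: %s"
               (mapconcat (lambda (p) (format "%s (%s)" (car p) (cdr p)))
                          problems ", ")))))
```

Calling example-smime-check-recipients before the certfile tags are built stops the send with the full list of uncovered addresses instead of failing on the first one.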