From: Arne Jørgensen
Newsgroups: gmane.emacs.gnus.general
Subject: Patch to enable CRL check when verifying S/MIME signed articles
Date: Thu, 04 Dec 2003 22:28:43 +0100
Organization: emfle birnan
Message-ID: <87fzg0s25w.fsf@seamus.arnested.dk>
User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux)
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=

Hi,

This patch will have Gnus/OpenSSL check the revocation status of a signer's certificate when verifying a signed article (it passes the -crl_check option on to openssl).

At least OpenSSL version 0.9.7 is required (the -crl_check option was not present prior to this).

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=smime-crl-check.patch
Content-Description: Enable CRL check when verifying S/MIME signed articles

Index: smime.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v retrieving revision 6.31 diff -c -r6.31 smime.el *** smime.el 25 Jul 2003 00:53:09 -0000 6.31 --- smime.el 4 Dec 2003 21:19:07 -0000 *************** *** 184,189 **** --- 184,210 ---- (const :tag "RC2 128 bits" "-rc2-128")) :group 'smime) + (defcustom smime-crl-check nil + "*Check revocation status of signers certificate using CRLs. + Enabling this will have OpenSSL check the signers certificate + against a certificate revocation list (CRL). + + For this to work you the CRL must be up-to-date and since they + are normally updated quite often (ie. several times a day) you + probably need some tool to keep them up-to-date. Unfortunately + Gnus cannot do this for you. + + The CRL should either be appended (in PEM format) to your + `smime-CA-file' or be located in a file (also in PEM format) in + your `smime-certificate-directory' named to the X.509 hash of the + certificate with .r0 as file name extension. 
+ + At least OpenSSL version 0.9.7 is required for this to work." + :type '(choice (const :tag "No check" nil) + (const :tag "Check certificate" "-crl_check") + (const :tag "Check certificate chain" "-crl_check_all")) + :group 'smime) + (defcustom smime-dns-server nil "*DNS server to query certificates from. If nil, use system defaults." *************** *** 348,353 **** --- 369,376 ---- (expand-file-name smime-CA-directory)))))) (unless CAs (error "No CA configured")) + (if smime-crl-check + (add-to-list 'CAs smime-crl-check)) (if (apply 'smime-call-openssl-region b e (list smime-details-buffer t) "smime" "-verify" "-out" "/dev/null" CAs) t
--=-=-=
Content-Type: text/plain

Kind regards,
-- 
Arne Jørgensen
Valby Langgade 272, 1. tv., DK-2500 Valby, Denmark
phone: +45 36 44 18 03, mobile: +45 21 65 01 13
email: arne@arnested.dk,
--=-=-=--
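Review bot: In the first hunk, the smime-crl-check docstring tells the user to put the hashed .r0 file in `smime-certificate-directory', but the only directory visible feeding the CAs argument list in the second hunk's context is smime-CA-directory. If that is the directory openssl searches for the verify call, the docstring should name it; otherwise a CRL installed as documented is never consulted and every check fails. While editing the docstring: "For this to work you the CRL must be up-to-date" is missing words, "signers certificate" needs an apostrophe, and "the X.509 hash of the certificate" should say which certificate's hash names the file.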
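Review bot: In the second hunk, (add-to-list 'CAs smime-crl-check) uses add-to-list on what looks like a local variable of the verify function; add-to-list takes the symbol and works on its dynamic value, so (setq CAs (cons smime-crl-check CAs)) or (push smime-crl-check CAs) is the safer form here. The flag also ends up in a list named CAs after the "No CA configured" test, so a short comment or a separate argument list would make it clear that the list now carries options as well as CA locations. Because the result of the openssl call is reduced to t or failure, a missing or stale CRL, or an openssl older than 0.9.7 rejecting the option, will look the same to the caller as a bad signature; it is worth confirming that openssl's error text reaches smime-details-buffer so the user can tell these cases apart.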