* SMIME: intermediate certificates are not sent
@ 2014-09-22 11:59 Christoph Groth
2014-09-22 12:13 ` Uwe Brauer
2014-09-22 12:58 ` [PATCH] " Christoph Groth
0 siblings, 2 replies; 5+ messages in thread
From: Christoph Groth @ 2014-09-22 11:59 UTC (permalink / raw)
To: ding
Hi,
I’ve recently setup Gnus to use my S/MIME key from work. I observe the
following problem described in 2007 by David Eng:
http://article.gmane.org/gmane.emacs.gnus.general/64881. There used to
be an emacs bug about this issue, but it has been closed apparently
without the bug ever being fixed:
https://lists.gnu.org/archive/html/emacs-bug-tracker/2011-01/msg00118.html.
For now I’m using the workaround of David (deleting keyfile="..." from
the #secure tag). Am I missing some way in which that issue has been
resolved?
Is S/MIME really that unpopular with Gnus users?
Thanks,
Christoph
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SMIME: intermediate certificates are not sent
2014-09-22 11:59 SMIME: intermediate certificates are not sent Christoph Groth
@ 2014-09-22 12:13 ` Uwe Brauer
2014-09-22 12:50 ` Christoph Groth
2014-09-22 12:58 ` [PATCH] " Christoph Groth
1 sibling, 1 reply; 5+ messages in thread
From: Uwe Brauer @ 2014-09-22 12:13 UTC (permalink / raw)
To: ding
[-- Attachment #1: Type: text/plain, Size: 972 bytes --]
>> "Christoph" == Christoph Groth <christoph@grothesque.org> writes:
> Hi,
> I’ve recently setup Gnus to use my S/MIME key from work. I observe
> the following problem described in 2007 by David Eng:
> http://article.gmane.org/gmane.emacs.gnus.general/64881. There used
> to be an emacs bug about this issue, but it has been closed
> apparently without the bug ever being fixed:
> https://lists.gnu.org/archive/html/emacs-bug-tracker/2011-01/msg00118.html.
> For now I’m using the workaround of David (deleting keyfile="..."
> From the #secure tag). Am I missing some way in which that issue
> has been resolved?
> Is S/MIME really that unpopular with Gnus users?
Hm I am using s/mime since almost 2 years without any problems, however
I use
epg and gpgsm
as described in
http://www.emacswiki.org/emacs/GnusSMIME#toc8
Works much better this way.
> Thanks,
> Christoph
Uwe Brauer
[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5556 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] Re: SMIME: intermediate certificates are not sent
2014-09-22 11:59 SMIME: intermediate certificates are not sent Christoph Groth
2014-09-22 12:13 ` Uwe Brauer
@ 2014-09-22 12:58 ` Christoph Groth
2015-01-27 3:11 ` Lars Ingebrigtsen
1 sibling, 1 reply; 5+ messages in thread
From: Christoph Groth @ 2014-09-22 12:58 UTC (permalink / raw)
To: ding
Just in case someone is motivated to fix the S/MIME with openssl bug
(which is still the default S/MIME method in Gnus):
I've found the following workaround:
http://www.normalesup.org/~martinez/emacs/#sign_additional_certificates
The following code is equivalent, only cleaned up a bit and merged with
the current Gnus codebase. Adding it to ~/.gnus solves the issue, but
perhaps the function changes could be commited to Gnus?
--8<---------------cut here---------------start------------->8---
;; Patch to smime-sign-buffer and mml-smime-openssl-sign-query to put
;; the email address in the keyfile argument of <#secure> tag instead
;; of the key filename to take additional certificates into account when
;; signing a message.
(require 'smime) ; smime-sign-buffer comes from here
(defun smime-sign-buffer (&optional keyfile buffer)
"S/MIME sign BUFFER with key in KEYFILE.
KEYFILE should contain a PEM encoded key and certificate."
(interactive)
(with-current-buffer (or buffer (current-buffer))
(unless (smime-sign-region
(point-min) (point-max)
(if keyfile
(smime-get-key-with-certs-by-email keyfile)
(smime-get-key-with-certs-by-email
(gnus-completing-read
"Sign using key"
smime-keys nil (car-safe (car-safe smime-keys))))))
(error "Signing failed"))))
(require 'mml-smime) ; mml-smime-openssl-sign-query comes from here
(defun mml-smime-openssl-sign-query ()
;; query information (what certificate) from user when MML tag is
;; added, for use later by the signing process
(when (null smime-keys)
(customize-variable 'smime-keys)
(error "No S/MIME keys configured, use customize to add your key"))
(list 'keyfile
(if (= (length smime-keys) 1)
(caar smime-keys)
(or (cadr (funcall (if (boundp
'gnus-extract-address-components)
gnus-extract-address-components
'mail-extract-address-components)
(or (save-excursion
(save-restriction
(message-narrow-to-headers)
(message-fetch-field "from")))
"")))
(gnus-completing-read "Sign this part with what signature"
(mapcar 'car smime-keys) nil nil nil
(and (listp (car-safe smime-keys))
(caar smime-keys)))))))
--8<---------------cut here---------------end--------------->8---
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-01-27 3:11 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-22 11:59 SMIME: intermediate certificates are not sent Christoph Groth
2014-09-22 12:13 ` Uwe Brauer
2014-09-22 12:50 ` Christoph Groth
2014-09-22 12:58 ` [PATCH] " Christoph Groth
2015-01-27 3:11 ` Lars Ingebrigtsen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).