From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/84967
Path: news.gmane.org!not-for-mail
From: Christoph Groth <christoph@grothesque.org>
Newsgroups: gmane.emacs.gnus.general
Subject: [PATCH] Re: SMIME: intermediate certificates are not sent
Date: Mon, 22 Sep 2014 14:58:42 +0200
Message-ID: <87oau7q0al.fsf@grothesque.org>
References: <87vbof6f2o.fsf@grothesque.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1411390753 17939 80.91.229.3 (22 Sep 2014 12:59:13 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 22 Sep 2014 12:59:13 +0000 (UTC)
To: ding@gnus.org
Original-X-From: ding-owner+M33211@lists.math.uh.edu Mon Sep 22 14:59:07 2014
Return-path: <ding-owner+M33211@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from util0.math.uh.edu ([129.7.128.18])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <ding-owner+M33211@lists.math.uh.edu>)
	id 1XW3Cp-0004C2-MV
	for ding-account@gmane.org; Mon, 22 Sep 2014 14:59:04 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by util0.math.uh.edu with smtp (Exim 4.63)
	(envelope-from <ding-owner+M33211@lists.math.uh.edu>)
	id 1XW3Cl-000085-Ei; Mon, 22 Sep 2014 07:58:59 -0500
Original-Received: from mx2.math.uh.edu ([129.7.128.33])
	by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63)
	(envelope-from <ding-account@m.gmane.org>)
	id 1XW3Ck-00007x-CB
	for ding@lists.math.uh.edu; Mon, 22 Sep 2014 07:58:58 -0500
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx2.math.uh.edu with esmtps (TLSv1:AES128-SHA:128)
	(Exim 4.76)
	(envelope-from <ding-account@m.gmane.org>)
	id 1XW3Ci-0005lk-Gk
	for ding@lists.math.uh.edu; Mon, 22 Sep 2014 07:58:58 -0500
Original-Received: from plane.gmane.org ([80.91.229.3])
	by quimby.gnus.org with esmtp (Exim 4.80)
	(envelope-from <ding-account@m.gmane.org>)
	id 1XW3Ch-0001pl-4L
	for ding@gnus.org; Mon, 22 Sep 2014 14:58:55 +0200
Original-Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <ding-account@m.gmane.org>)
	id 1XW3Cg-00045P-UH
	for ding@gnus.org; Mon, 22 Sep 2014 14:58:54 +0200
Original-Received: from dra38-5-82-246-248-175.fbx.proxad.net ([82.246.248.175])
        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <ding@gnus.org>; Mon, 22 Sep 2014 14:58:54 +0200
Original-Received: from christoph by dra38-5-82-246-248-175.fbx.proxad.net with local (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <ding@gnus.org>; Mon, 22 Sep 2014 14:58:54 +0200
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 58
Original-X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: dra38-5-82-246-248-175.fbx.proxad.net
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)
Cancel-Lock: sha1:u1e75kpamhkErhDmJn+vnTgnjrY=
X-Spam-Score: -3.9 (---)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:84967
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/84967>

Just in case someone is motivated to fix the S/MIME with openssl bug
(which is still the default S/MIME method in Gnus):
I've found the following workaround:
http://www.normalesup.org/~martinez/emacs/#sign_additional_certificates

The following code is equivalent, only cleaned up a bit and merged with
the current Gnus codebase.  Adding it to ~/.gnus solves the issue, but
perhaps the function changes could be commited to Gnus?

--8<---------------cut here---------------start------------->8---
;; Patch to smime-sign-buffer and mml-smime-openssl-sign-query to put
;; the email address in the keyfile argument of <#secure> tag instead
;; of the key filename to take additional certificates into account when
;; signing a message.

(require 'smime) ; smime-sign-buffer comes from here

(defun smime-sign-buffer (&optional keyfile buffer)
  "S/MIME sign BUFFER with key in KEYFILE.
KEYFILE should contain a PEM encoded key and certificate."
  (interactive)
  (with-current-buffer (or buffer (current-buffer))
    (unless (smime-sign-region
             (point-min) (point-max)
             (if keyfile
                 (smime-get-key-with-certs-by-email keyfile)
               (smime-get-key-with-certs-by-email
                (gnus-completing-read
                 "Sign using key"
                 smime-keys nil (car-safe (car-safe smime-keys))))))
      (error "Signing failed"))))


(require 'mml-smime) ; mml-smime-openssl-sign-query comes from here

(defun mml-smime-openssl-sign-query ()
  ;; query information (what certificate) from user when MML tag is
  ;; added, for use later by the signing process
  (when (null smime-keys)
    (customize-variable 'smime-keys)
    (error "No S/MIME keys configured, use customize to add your key"))
  (list 'keyfile
        (if (= (length smime-keys) 1)
            (caar smime-keys)
          (or (cadr (funcall (if (boundp
                                  'gnus-extract-address-components)
                                 gnus-extract-address-components
                               'mail-extract-address-components)
                             (or (save-excursion
                                   (save-restriction
                                     (message-narrow-to-headers)
                                     (message-fetch-field "from")))
                                 "")))
              (gnus-completing-read "Sign this part with what signature"
                                    (mapcar 'car smime-keys) nil nil nil
                                    (and (listp (car-safe smime-keys))
                                         (caar smime-keys)))))))
--8<---------------cut here---------------end--------------->8---