From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/55488 Path: main.gmane.org!not-for-mail From: =?iso-8859-1?q?Arne_J=F8rgensen?= Newsgroups: gmane.emacs.gnus.general Subject: Re: Patch to enable CRL check when verifying S/MIME signed articles Date: Fri, 02 Jan 2004 21:20:35 +0100 Organization: emfle birnan Sender: ding-owner@lists.math.uh.edu Message-ID: <87vfnugl0s.fsf@seamus.arnested.dk> References: <87fzg0s25w.fsf@seamus.arnested.dk> <87smj11eht.fsf@seamus.arnested.dk> NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Trace: sea.gmane.org 1073074873 15056 80.91.224.253 (2 Jan 2004 20:21:13 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Fri, 2 Jan 2004 20:21:13 +0000 (UTC) Original-X-From: ding-owner+M4028@lists.math.uh.edu Fri Jan 02 21:21:10 2004 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1AcVnC-00048A-00 for ; Fri, 02 Jan 2004 21:21:10 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1AcVml-0004IC-00; Fri, 02 Jan 2004 14:20:43 -0600 Original-Received: from justine.libertine.org ([66.139.78.221] ident=postfix) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1AcVmg-0004I7-00 for ding@lists.math.uh.edu; Fri, 02 Jan 2004 14:20:38 -0600 Original-Received: from main.gmane.org (main.gmane.org [80.91.224.249]) by justine.libertine.org (Postfix) with ESMTP id 1017D3A0039 for ; Fri, 2 Jan 2004 14:20:38 -0600 (CST) Original-Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1AcVmf-0004l6-00 for ; Fri, 02 Jan 2004 21:20:37 +0100 X-Injected-Via-Gmane: http://gmane.org/ Original-To: ding@gnus.org Original-Received: from sea.gmane.org ([80.91.224.252]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1AcVme-0004kx-00 for ; Fri, 02 Jan 2004 21:20:36 +0100 Original-Received: from news by sea.gmane.org with local (Exim 3.35 #1 (Debian)) id 1AcVme-0003th-00 for ; Fri, 02 Jan 2004 21:20:36 +0100 Original-Lines: 76 Original-X-Complaints-To: usenet@sea.gmane.org X-Face: 5t,7/Y$&<1A_t.$vC2{pWZ{m@3_06;kcm]no{hgEL/}Uz(>XV6cl4}xO\v?-h3%>znNaZtq `~rf,GY1T%r=a.zH`hOb(-]'x)nI088Z&|e;V^h;/TShou User-Agent: Gnus/5.1004 (Gnus v5.10.4) Emacs/21.3.50 (gnu/linux) Cancel-Lock: sha1:cpJWdgs+bube08F/7Cb1E8vgOis= Precedence: bulk Xref: main.gmane.org gmane.emacs.gnus.general:55488 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:55488 --=-=-= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Lars Magne Ingebrigtsen writes: > Arne J=F8rgensen writes: > >> Simon already instructed me on this. The papers where signed and >> returned just before Christmas. > > Ok. Could you send me a new patch; the old one doesn't apply any > more, apparently.. That's because Simon applied the patch without most of the documentation (until we were sure the papers had arrived at the FSF). This patch add the full documentation: --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=smime_crl.patch Index: smime.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v retrieving revision 6.32 diff -c -r6.32 smime.el *** smime.el 30 Dec 2003 21:10:19 -0000 6.32 --- smime.el 30 Dec 2003 22:37:17 -0000 *************** *** 185,191 **** :group 'smime) (defcustom smime-crl-check nil ! "*Check revocation status of signers certificate using CRLs." :type '(choice (const :tag "No check" nil) (const :tag "Check certificate" "-crl_check") (const :tag "Check certificate chain" "-crl_check_all")) --- 185,205 ---- :group 'smime) (defcustom smime-crl-check nil ! "*Check revocation status of signers certificate using CRLs. ! Enabling this will have OpenSSL check the signers certificate ! against a certificate revocation list (CRL). ! ! For this to work the CRL must be up-to-date and since they are ! normally updated quite often (ie. several times a day) you ! probably need some tool to keep them up-to-date. Unfortunately ! Gnus cannot do this for you. ! ! The CRL should either be appended (in PEM format) to your ! `smime-CA-file' or be located in a file (also in PEM format) in ! your `smime-certificate-directory' named to the X.509 hash of the ! certificate with .r0 as file name extension. ! ! At least OpenSSL version 0.9.7 is required for this to work." :type '(choice (const :tag "No check" nil) (const :tag "Check certificate" "-crl_check") (const :tag "Check certificate chain" "-crl_check_all")) --=-=-= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Kind regards, --=20 Arne J=F8rgensen Valby Langgade 272, 1. tv., DK-2500 Valby, Denmark phone: +45 36 44 18 03, mobile: +45 21 65 01 13 email: arne@arnested.dk, --=-=-=--