From: Arne Jørgensen
Newsgroups: gmane.emacs.gnus.general
Subject: Re: ldap cert retrieval and pem encoding
Date: Tue, 31 May 2005 11:33:44 +0200
Organization: Arne Joergensen -- http://arnested.dk/
Message-ID: <87y89vrb7r.fsf@seamus.arnested.dk>
References: <87wtpkbzyz.fsf@arnested.dk> <874qcnh9kb.fsf@arnested.dk>
Cc: ding@gnus.org, Simon Josefsson
Original-To: Ulf Stegemann

Arne Jørgensen writes:

> What we could do in Gnus is:
>
> 1. If it contains "-----BEGIN CERTIFICATE-----" it is in PEM-format.
>
> 2. Otherwise try to base64-decode it and if that succeeds also assume
>    it is in PEM-format.
>
> 3. Finally decide it must be in DER-format.
>
> This shouldn't be difficult to implement. I have time to make an
> implementation on Tuesday.

I have implemented the above strategy. I had no way to test it (except
that it still works with DER encoded certificates).

The attached patch also includes the patch for LDAP handling in XEmacs
(from some weeks ago).

Kind regards,
-- 
Arne Jørgensen

--=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=smime-ldap.patch Content-Transfer-Encoding: 8bit Content-Description: Patch for XEmacs compability and certificates in PEM format
Index: lisp/ChangeLog =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/ChangeLog,v retrieving revision 7.706 diff -u -p -r7.706 ChangeLog --- lisp/ChangeLog 30 May 2005 14:45:12 -0000 7.706 +++ lisp/ChangeLog 31 May 2005 09:17:50 -0000 
@@ -1,3 +1,10 @@ +2005-05-31 Arne J,Ax(Brgensen + + * smime-ldap.el (smime-ldap-search): Add compatibility for XEmacs. + + * smime.el (smime-cert-by-ldap-1): Handle certificates distributed + in PEM format. Adjust to the XEmacs compability. + 2005-05-30 Reiner Steib * encrypt.el (encrypt-xor-process-buffer): Replace `string-to-int' Index: lisp/smime-ldap.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/smime-ldap.el,v retrieving revision 7.3 diff -u -p -r7.3 smime-ldap.el --- lisp/smime-ldap.el 15 Feb 2005 01:58:42 -0000 7.3 +++ lisp/smime-ldap.el 31 May 2005 09:17:51 -0000 @@ -31,14 +31,7 @@ ;; made to achieve compatibility with OpenLDAP v2 and to make it ;; possible to retrieve LDAP attributes that are tagged ie ";binary". -;; When Gnus drops support for Emacs 21.x this file can be removed and -;; smime.el changed to - -;; - (require 'smime-ldap) => (require 'ldap) -;; - (smime-ldap-search ...) => (ldap-search ...) - -;; If we are running in Emacs 22 or newer it just uses the build-in -;; version of ldap-search. +;; The file also adds a compatibility layer for Emacs and XEmacs. ;;; Code: 
@@ -57,26 +50,31 @@ its distinguished name WITHDN. Additional search parameters can be specified through `ldap-host-parameters-alist', which see." (interactive "sFilter:") - (if (>= emacs-major-version 22) - (ldap-search filter host attributes attrsonly) - (or host - (setq host ldap-default-host) - (error "No LDAP host specified")) - (let ((host-plist (cdr (assoc host ldap-host-parameters-alist))) - result) - (setq result (smime-ldap-search-internal - (append host-plist - (list 'host host - 'filter filter - 'attributes attributes - 'attrsonly attrsonly - 'withdn withdn)))) - (if ldap-ignore-attribute-codings - result - (mapcar (function - (lambda (record) - (mapcar 'ldap-decode-attribute record))) - result))))) + ;; for XEmacs + (if (fboundp 'ldap-search-entries) + (ldap-search-entries filter host attributes attrsonly) + ;; for Emacs 22 + (if (>= emacs-major-version 22) + (cdr (ldap-search filter host attributes attrsonly)) + ;; for Emacs 21.x + (or host + (setq host ldap-default-host) + (error "No LDAP host specified")) + (let ((host-plist (cdr (assoc host ldap-host-parameters-alist))) + result) + (setq result (smime-ldap-search-internal + (append host-plist + (list 'host host + 'filter filter + 'attributes attributes + 'attrsonly attrsonly + 'withdn withdn)))) + (cdr (if ldap-ignore-attribute-codings + result + (mapcar (function + (lambda (record) + (mapcar 'ldap-decode-attribute record))) + result))))))) (defun smime-ldap-search-internal (search-plist) "Perform a search on a LDAP server. Index: lisp/smime.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v retrieving revision 7.11 diff -u -p -r7.11 smime.el --- lisp/smime.el 17 May 2005 08:02:16 -0000 7.11 +++ lisp/smime.el 31 May 2005 09:17:51 -0000 
@@ -578,9 +578,20 @@ A string or a list of strings is returne host '("userCertificate") nil)) (retbuf (generate-new-buffer (format "*certificate for %s*" mail))) cert) - (if (> (length ldapresult) 1) + (if (>= (length ldapresult) 1) (with-current-buffer retbuf - (setq cert (base64-encode-string (nth 1 (car (nth 1 ldapresult))) t)) + ;; Certificates on LDAP servers _should_ be in DER format, + ;; but there are some servers out there that distributes the + ;; certificates in PEM format (with or without + ;; header/footer) so we try to handle them anyway. + (if (or (string= (substring (cadaar ldapresult) 0 27) + "-----BEGIN CERTIFICATE-----") + (condition-case nil + (base64-decode-string (cadaar ldapresult)) + (error nil))) + (setq cert + (replace-regexp-in-string "\\(\n\||\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)" "" (cadaar ldapresult) t)) + (setq cert (base64-encode-string (cadaar ldapresult) t))) (insert "-----BEGIN CERTIFICATE-----\n") (let ((i 0) (len (length cert))) (while (> (- len 64) i) --=-=-=--
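
Review bot: In the lisp/ChangeLog hunk (@@ -1,3 +1,10 @@), the new smime.el entry reads "Adjust to the XEmacs compability"; that should be "compatibility", as already spelled in the smime-ldap.el entry just above it. The entry could also name what was adjusted (the result is now tested with >= and indexed with cadaar), so the log explains the change to smime-cert-by-ldap-1.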
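
Review bot: In the commentary hunk of lisp/smime-ldap.el (@@ -31,14 +31,7 @@), the removed lines were the only record of when this file can be retired and of the (smime-ldap-search ...) => (ldap-search ...) substitution, and the replacement sentence does not say whether that plan still holds. Since the Emacs 22 branch in the following hunk now returns (cdr (ldap-search ...)), the two calls are no longer interchangeable; keep a short note on the retirement condition and state that difference.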
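
Review bot: In smime-ldap-search (lisp/smime-ldap.el, @@ -57,26 +50,31 @@), the three branches do not treat their results alike: the XEmacs branch returns (ldap-search-entries ...) unchanged, while the Emacs 22 and Emacs 21.x branches wrap theirs in cdr, and nothing says which element is dropped or why. Add a comment on what the cdr removes and update the docstring to give the one return shape that callers such as smime-cert-by-ldap-1 can rely on, since that caller now indexes the result with cadaar. The ldap-default-host fallback and the "No LDAP host specified" error are also reached only in the Emacs 21.x branch, and withdn is passed on only there; if that is intended, say so in a comment.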
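
Review bot: In the smime.el hunk (@@ -578,9 +578,20 @@), the regexp passed to replace-regexp-in-string begins "\\(\n\||\r\\|": the separator after \n is written \|| instead of \\|, which the Lisp reader turns into two literal | characters, so the first alternative is the four-character sequence newline, |, |, carriage return, and bare line breaks in a PEM value are never stripped before the 64-column re-wrapping that follows. It should read "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)". Separately, (substring (cadaar ldapresult) 0 27) sits outside the condition-case and signals args-out-of-range when the attribute value is shorter than 27 characters; since the value comes from the directory server, test the prefix with a string-match anchored at the start of the string, or check the length first.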