From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/60444
Path: news.gmane.org!not-for-mail
From: david.goldberg6@verizon.net (David S. Goldberg)
Newsgroups: gmane.emacs.gnus.general
Subject: smime-cert-by-ldap-1 problem
Date: Tue, 14 Jun 2005 14:26:48 -0400
Organization: I Yam What I Yam
Message-ID: <mj7slzkrdzr.fsf@mm117419-pc.MITRE.ORG>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1118774985 1420 80.91.229.2 (14 Jun 2005 18:49:45 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Tue, 14 Jun 2005 18:49:45 +0000 (UTC)
Original-X-From: ding-owner+M8971@lists.math.uh.edu Tue Jun 14 20:49:44 2005
Return-path: <ding-owner+M8971@lists.math.uh.edu>
Original-Received: from malifon.math.uh.edu ([129.7.128.13])
	by ciao.gmane.org with esmtp (Exim 4.43)
	id 1DiGT6-0003cJ-DT
	for ding-account@gmane.org; Tue, 14 Jun 2005 20:49:00 +0200
Original-Received: from localhost
	([127.0.0.1] helo=lists.math.uh.edu ident=lists)
	by malifon.math.uh.edu with smtp (Exim 3.20 #1)
	id 1DiGKC-0006VK-00; Tue, 14 Jun 2005 13:39:48 -0500
Original-Received: from util2.math.uh.edu ([129.7.128.23])
	by malifon.math.uh.edu with esmtp (Exim 3.20 #1)
	id 1DiG7r-0006V7-00
	for ding@lists.math.uh.edu; Tue, 14 Jun 2005 13:27:03 -0500
Original-Received: from quimby.gnus.org ([80.91.224.244])
	by util2.math.uh.edu with esmtp (Exim 4.30)
	id 1DiG7o-00025R-VM
	for ding@lists.math.uh.edu; Tue, 14 Jun 2005 13:27:01 -0500
Original-Received: from smtpproxy1.mitre.org ([192.160.51.76] helo=smtp-bedford.mitre.org)
	by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian))
	id 1DiG7l-0007ST-00
	for <ding@gnus.org>; Tue, 14 Jun 2005 20:26:58 +0200
Original-Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1])
	by smtp-bedford.mitre.org (8.11.6/8.11.6) with SMTP id j5EIQst04164
	for <ding@gnus.org>; Tue, 14 Jun 2005 14:26:54 -0400
Original-Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1])
	by smtp-bedford.mitre.org (Postfix) with ESMTP id 0C786BF86
	for <ding@gnus.org>; Tue, 14 Jun 2005 14:26:53 -0400 (EDT)
Original-Received: from MAILHUB1 (mailhub1.mitre.org [129.83.20.31])
	by smtp-bedford.mitre.org (8.11.6/8.11.6) with ESMTP id j5EIQqC04059
	for <ding@gnus.org>; Tue, 14 Jun 2005 14:26:52 -0400
Original-Received: from blackbird.mitre.org (129.83.50.102) by mailhub1.mitre.org with SMTP
        id 18466824; Tue, 14 Jun 2005 14:26:50 -0400
Original-To: The Gnus Mailing List <ding@gnus.org>
X-Face: GUaHTH@nS>[7,ME@-gYZ4#Wl{z"99k@[[Y8AcP0x1paqu.,z9,XSV1WI>{q3f6^e5(zrit
	<4fV&VHhmE`uidRqtmG27;si9&r;#KSF~E#$%W8w(xdp)H4tW=\2XOk~3=@oGqqpj;m4xf
	Ow;y26396&,34@9#~4;@*S;E0cq"LM9N(us4P%F(Nxis'Vvfm9?KufH;:Q$dMa-QWGLR&K
	d0`LJZE8xb*>^yN>b]_NcU:E=Zn\1=#/(OS2
User-Agent: Gnus/5.110004 (No Gnus v0.4) XEmacs/21.4.17 (cygwin32)
X-Spam-Score: -4.7 (----)
Precedence: bulk
Original-Sender: ding-owner@lists.math.uh.edu
Xref: news.gmane.org gmane.emacs.gnus.general:60444
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:60444

According to this bit from smime.el:

	  ;; Certificates on LDAP servers _should_ be in DER format,
	  ;; but there are some servers out there that distributes the
	  ;; certificates in PEM format (with or without
	  ;; header/footer) so we try to handle them anyway.
	  (if (or (string= (substring (cadaar ldapresult) 0 27)
			   "-----BEGIN CERTIFICATE-----")
		  (condition-case nil
		      (base64-decode-string (cadaar ldapresult))
		    (error nil)))
	      (setq cert
		    (smime-replace-in-string
		     (cadaar ldapresult)
		     (concat "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|"
			     "-----END CERTIFICATE-----\\)")
		     "" t))
	    (setq cert (base64-encode-string (cadaar ldapresult) t)))

then the result of smime-cert-by-ldap should be a base64 encoded block
surrounded by the BEGIN and END CERTIFICATE lines.  Instead, I get the
DER with extra CRs inserted every 64 bytes, surrounded by the BEGIN
and END lines.  The problem is that base64-decode-string does not
throw an error, and from what I can see in base64.el, it's not
designed to.

My XEmacs is:

XEmacs 21.4 (patch 17) "Jumbo Shrimp" [Lucid] (i686-pc-cygwin, Mule)
of Wed Jun 1 2005 on mm117419-pc

with the 5/2005 sumo.

Interesting enough, the DER with the extra CRs seems to work OK though
I have to wonder if it's related to the CRs that in the magic number
issue I wrote about earlier.

I discovered this because I want to save the ldap search results to
the local file convention I've developed for myself but having the
slightly messed up DER format messes up my certificate verification
checks.

Thanks,
-- 
Dave Goldberg
david.goldberg6@verizon.net