* S/MIME + additional certificate files
From: Krzysztof Jędruczyk @ 2002-09-23 14:46 UTC (permalink / raw)
Hello,
I've recently tried to send some S/MIME signed messages and
encountered a problem, which I believe lies in gnus' smime.el. The
problem is that even if I specify additional certificate files in
smime-keys variable - they don't get attached to signature. This
might cause problems with verification - depending on what certs recipient
has already installed (the certification path will be incomplete).
I've searched Google for reports on this particular problem, and found
nothing. So - I looked at it myself.
I identified the problem to be in smime-sign-buffer, which in turn
passes keyfile retrieved with smime-get-key-by-email to
smime-sign-region. The problem is that smime-get-key-by-email returns
only the key without accompanying additional certs.
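A workaround that works for me is to change line 315 in smime.el from
    (smime-get-key-by-email
to
    (smime-get-key-with-certs-by-email
and add a new function definition:
    ;; Return the key file together with its additional certificate
    ;; files, i.e. everything listed after EMAIL in `smime-keys'.
    (defun smime-get-key-with-certs-by-email (email)
      (cdr (assoc email smime-keys)))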
I believe that this is an incomplete solution - I haven't reviewed if
the rest of the code doesn't suffer from a similar problem. I'm just
signaling a problem here since I know elisp very little.
BTW, I'm using an Oort Gnus (AFAIR 0.08; it should be mentioned in
the headers of this message), taken from CVS about 28-aug-2002.
--
Best Regards,
Krzysztof Jędruczyk
* Re: S/MIME + additional certificate files
From: Simon Josefsson @ 2002-09-23 15:52 UTC (permalink / raw)
Cc: ding
beaker@iavmb.pl (Krzysztof Jędruczyk) writes:
> Hello,
>
> I've recently tried to send some S/MIME signed messages and
> encountered a problem, which I believe lies in gnus' smime.el. The
> problem is that even if I specify additional certificate files in
> smime-keys variable - they don't get attached to signature. This
> might cause problems with verification - depending on what certs recipient
> has already installed (the certification path will be incomplete).
>
> I've searched Google for reports on this particular problem, and found
> nothing. So - I looked at it myself.
>
> I identified the problem to be in smime-sign-buffer, which in turn
> passes keyfile retrieved with smime-get-key-by-email to
> smime-sign-region. The problem is that smime-get-key-by-email returns
> only the key without accompanying additional certs.
The sign command only needs the key to sign something. By reading the
OpenSSL S/MIME man page it seems that -certfile should be specified to
solve this problem. What does the following do? (Untested, it might
mail your private key...)
Index: smime.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v
retrieving revision 6.26
diff -u -p -u -w -r6.26 smime.el
--- smime.el 2002/04/11 19:49:45 6.26
+++ smime.el 2002/09/23 16:35:08
@@ -254,6 +254,7 @@ key and certificate itself."
(when (prog1
(apply 'smime-call-openssl-region b e (list buffer tmpfile)
"smime" "-sign" "-signer" (expand-file-name keyfile)
+ "-certfile" (expand-file-name keyfile)
(append
(smime-make-certfiles certfiles)
(if passphrase
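Review bot: the added "-certfile" line passes (expand-file-name keyfile), the same path already given to "-signer" one line above, so it contributes no certificate beyond the signer's own and points a certificate option at the file that, per the surrounding docstring and the message, also holds the private key. The additional certificates are already turned into arguments by (smime-make-certfiles certfiles) in the append that follows; if they are absent from the signature, certfiles is arriving empty, so drop this line and have the caller hand over the extra certificate files together with the key.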
* Re: S/MIME + additional certificate files
From: Simon Josefsson @ 2002-09-23 15:58 UTC (permalink / raw)
Cc: ding
Simon Josefsson <jas@extundo.com> writes:
> The sign command only needs the key to sign something. By reading the
> OpenSSL S/MIME man page it seems that -certfile should be specified to
> solve this problem. What does the following do? (Untested, it might
> mail your private key...)
Never mind that bogus patch, what you suggested seems to be The Right
Thing, and from what I could tell it was a complete solution as well
(only signing needs extra user certs, and you fixed that). Committed.
If you send more patches, you must sign FSF papers.
* Re: S/MIME + additional certificate files
From: Krzysztof Jędruczyk @ 2002-09-23 16:58 UTC (permalink / raw)
Simon Josefsson <jas@extundo.com> writes:
>
> Never mind that bogus patch, what you suggested seems to be The Right
> Thing, and from what I could tell it was a complete solution as well
> (only signing needs extra user certs, and you fixed that). Committed.
> If you send more patches, you must sign FSF papers.
>
Wow - that was fast :-O
Gnus is a great MUA. I'm glad I could help. Maybe I'll try to do some
more elisp-hacking when I have time...
--
Krzysztof Jędruczyk
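
The incomplete certification path discussed in this thread, reproduced with the openssl CLI that smime.el calls. This is an added example, not code from the thread or from Gnus; the three-level demo PKI, the subjects and all file names are constructed. A recipient who trusts only the root rejects a signature made with just -signer and accepts the same signature once -certfile carries the intermediate.

```shell
#!/usr/bin/env bash
# Added example: constructed PKI  root CA -> intermediate CA -> signer.

issue() {        # dir, issuer name, subject name, extension section, subject DN
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "$5" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 2 -extfile "$1/pki.cnf" -extensions "$4" \
    -out "$1/$3.pem" 2>/dev/null
}

make_pki() {     # $1 = work dir
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = unused' \
    '[ca]' 'basicConstraints = critical,CA:TRUE' 'keyUsage = critical,keyCertSign' \
    '[leaf]' 'basicConstraints = CA:FALSE' 'keyUsage = critical,digitalSignature' \
    > "$d/pki.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/pki.cnf" \
    -extensions ca -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  issue "$d" root inter ca "/CN=Demo Intermediate CA" &&
  issue "$d" inter signer leaf "/CN=signer@example.org" &&
  # Like an smime-keys key file: certificate and private key in one PEM file.
  cat "$d/signer.pem" "$d/signer.key" > "$d/keyfile.pem"
}

sign_msg() {     # dir, output file, then optional extra openssl arguments
  local d=$1 out=$2; shift 2
  printf 'hello\n' | openssl smime -sign -signer "$d/keyfile.pem" "$@" -out "$out"
}

verify_msg() {   # dir, signed file; the recipient trusts only the root
  openssl smime -verify -in "$2" -CAfile "$1/root.pem" -out /dev/null 2>/dev/null
}

embedded_certs() {   # number of certificates carried inside the signature
  openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs -noout | grep -c '^subject'
}

work=$(mktemp -d) && make_pki "$work" || exit 1
sign_msg "$work" "$work/bare.eml"                                # key file only
sign_msg "$work" "$work/chain.eml" -certfile "$work/inter.pem"   # plus extra cert
for f in bare chain; do
  verify_msg "$work" "$work/$f.eml" && r=ok || r=FAILED
  echo "$f: $(embedded_certs "$work/$f.eml") cert(s) embedded, verify $r"
done
```
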