From: Ulf Stegemann
Newsgroups: gmane.emacs.gnus.general
Subject: Re: ldap cert retrieval and pem encoding
Date: Tue, 31 May 2005 13:21:32 +0200
Cc: ding@gnus.org, Simon Josefsson

Arne Jørgensen wrote:

> I have implemented the above strategy.

Great!

> I had no way to test it (except that it still works with DER encoded
> certificates).
>
> The attached patch also includes the patch for LDAP handling in XEmacs
> (from some weeks ago).

Okay, I had to change two things (s.b.) and now it works very well
... for both PEM and DER encoded certs.

[...]

> Index: lisp/smime.el > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v > retrieving revision 7.11 > diff -u -p -r7.11 smime.el > --- lisp/smime.el 17 May 2005 08:02:16 -0000 7.11 > +++ lisp/smime.el 31 May 2005 09:17:51 -0000
> @@ -578,9 +578,20 @@ A string or a list of strings is returne > host '("userCertificate") nil)) > (retbuf (generate-new-buffer (format "*certificate for %s*" mail))) > cert) > - (if (> (length ldapresult) 1) > + (if (>=3D (length ldapresult) 1) > (with-current-buffer retbuf > - (setq cert (base64-encode-string (nth 1 (car (nth 1 ldapresult))) t)) > + ;; Certificates on LDAP servers _should_ be in DER format, > + ;; but there are some servers out there that distributes the > + ;; certificates in PEM format (with or without > + ;; header/footer) so we try to handle them anyway. > + (if (or (string=3D (substring (cadaar ldapresult) 0 27) > + "-----BEGIN CERTIFICATE-----") > + (condition-case nil > + (base64-decode-string (cadaar ldapresult)) > + (error nil))) > + (setq cert > + (replace-regexp-in-string "\\(\n\||\r\\|-----BEGIN CERTIFICATE----= -\\|-----END CERTIFICATE-----\\)" "" (cadaar ldapresult) t))

It seems that replace-regexp-in-string is not known to xemacs but only
to emacs. Furthermore, there's a typo in the regex ('\||\r' instead of
'\\|\r'). The following replacement does the job here (XEmacs 21.4
(patch 17)):

  (replace-in-string
   (cadaar ldapresult)
   "\\(\n\\|\r\\|-----BEGIN CERTIFICATE-----\\|-----END CERTIFICATE-----\\)"
   "" t))

> + (setq cert (base64-encode-string (cadaar ldapresult) t))) > (insert "-----BEGIN CERTIFICATE-----\n") > (let ((i 0) (len (length cert))) > (while (> (- len 64) i)

Ulf
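
Review bot: The added PEM test calls (substring (cadaar ldapresult) 0 27) outside the condition-case that guards the base64-decode-string probe next to it, so a userCertificate value shorter than 27 characters signals an error instead of being treated as not PEM. The value comes from the LDAP server, so check its length first or move the substring call under the same condition-case. In the same branch, the replacement strips every BEGIN/END CERTIFICATE marker and every line break, so a value carrying more than one PEM block would be merged into a single base64 string; consider taking only the first block, or rejecting the value when more than one header is present.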