Changeset 2944:2cdc472df3ca for contrib

Timestamp:
2002-03-02 01:17:40 (7 years ago)
Author:
Thomas Roessler <roessler@…>
Branch:
HEAD
Message:

smime.c:

  • the getkeys() function was broken and deleted the last char of the certfilename
  • it now lets me use more than one key for the same mailbox ie select these.
  • some display output was garbled when the email didn't match. i posted some fix to mutt-users, but i don't like that sleep() so i dropped the first error message, which basically repeated the from/sender field only. so now there's just the message: they don't match.

smime_keys:

  • i modified the add_chain to continue even if no root-cert is present (david collantes received some chain that got exported from outlook. obviously they don't (always ?) include the root cert) it will now abort if neither root nor intermediate certs are present.
  • add_cert created index entries with '-' as issuer cert, when it should have been '?'. thus verify would fail. (obviously nobody ever used that command (add_cert, that is) :)

the feature above obsoletes the hash_cert and fingerprint_cert commands,
adds import_cert command and ask_cert_label bool. i modified the output
of smime_keys (a little) so it doesn't look too garbled when supplying
the label (it is actually interactive :) furthermore, i do a verify
after the cert was added and modified the verify routine to make the
certificate trusted in case of success. (we discussed this in another
message) that is ok so far, but perhaps this requires some better root
certificate handling, ie the trust should be somehow connected to the
root certificate, that may be added (if the user trusts it and it's not
present already) to the ca-file. i'll think about that some more ... but
then, there already is the add_root command. hmmm... (btw, you'll now
never get asked to trust a certificate)

i have not yet deleted the email handling from the import key stuff (in
smime.c/crypt.c), for i'm thinking about smime_keys using it as an
additional arg. otoh i don't think users would press k if verification
failed...hmmm... but still, smime_keys does extract the email from the
certificate either way and does verify it by itself, so the only thing
that would happen is to have some invalid certificates, that mutt'll
refuse to use anyways, left in the database....

(From Oliver Ehli.)

Files:
1 modified

  • contrib/smime.rc

    r2870 r2944  
    66# will be the default method unless the following option is set 
    77set smime_is_default 
     8 
     9# Uncoment this if you don't want to set labels for certificates you add. 
     10# unset smime_ask_cert_label 
    811 
    912# Passphrase expiration 
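Review bot: The new comment above `# unset smime_ask_cert_label` misspells "Uncomment" as "Uncoment", and it does not state the option's default. Since the line to uncomment is an `unset`, the option is presumably on by default; saying so outright in the comment, together with a word on what the label is used for, would save readers from inferring it.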
     
    4245set smime_get_signer_cert_command="openssl smime -verify -in %f -noverify -signer %c -out /dev/null" 
    4346 
    44 # This is used to get a filename for certificates that get stored in the 
    45 # above directory 
    46 set smime_hash_cert_command="openssl x509 -in  %f -noout -hash" 
    47  
    48 # This is used to get a md5-fingerprint of a certificate for purpose 
    49 # of comparism 
    50 set smime_fingerprint_cert_command="openssl x509 -in  %f -noout -fingerprint" 
    51  
    5247# This is used to get the email address the certificate was issued to. 
    5348set smime_get_cert_email_command="openssl x509 -in  %f -noout -email" 
     49 
     50# Add a certificate to the database using smime_keys. 
     51set smime_import_cert_command="smime_keys add_cert %f" 
    5452 
    5553
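Review bot: The comment on the added `smime_import_cert_command` line says only "Add a certificate to the database using smime_keys", while the commit message states that add_cert now runs a verify afterwards and marks the certificate trusted on success, with no trust prompt. That is a trust decision made on the user's behalf, and the sample config should say so next to the command so that users know what importing a certificate implies. Separately, the hunk drops `smime_hash_cert_command` and `smime_fingerprint_cert_command` without a note; a one-line comment that both are obsolete would help users merging this file into an existing configuration.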