Changeset 5433:63cfab6d508b

Timestamp:

2008-06-29 00:31:42 (5 months ago)

Author:

Brendan Cully <brendan@…>

Branch:

HEAD

Message:

Show more information about problematic SMIME signatures under gpgme.
Also warn if the key is not known to be good. For some reason expired
keys in my environment are not flagged as expired in sig->status or
sig->summary.

Files:

• ChangeLog (modified) (1 diff)
• crypt-gpgme.c (modified) (6 diffs)

ChangeLog

@@ +1 @@
+2008-06-28 20:33 -0700  Brendan Cully  <brendan@kublai.com>  (1492c24f2a4e)
+
+        * mutt_ssl_gnutls.c: Extract CN from client certificate in gnutls.
+        Nothing currently uses it, but I suspect we should be using it as
+        the external auth name in mutt_sasl_client_new.
+
+        * UPDATING, globals.h, init.h, mutt_sasl.c, mutt_ssl_gnutls.c:
+        Basic support for $ssl_client_cert when compiled with
+        gnutls. The key must not be encrypted. Closes #2911.
+
 2008-06-27 12:04 -0700  Petr Písař  <petr.pisar@atlas.cz>  (40c6e851bf76)
 

crypt-gpgme.c

@@ -1253 +1253 @@
 }
 
+static void print_smime_keyinfo (gpgme_signature_t sig, gpgme_key_t key,
+                                 STATE *s)
+{
+  gpgme_user_id_t uids = NULL;
+  int aka = 0;
+
+  for (uids = key->uids; uids; uids = uids->next)
+  {
+    if (uids->revoked)
+      continue;
+    if (aka)
+      state_attach_puts (_("                aka: "), s);
+    state_attach_puts (uids->uid, s);
+    state_attach_puts ("\n", s);
+    
+    aka = 1;
+  }
+  state_attach_puts (_("            created: "), s);
+  print_time (sig->timestamp, s);
+  state_attach_puts ("\n", s);  
+}
+
 /* Show information about one signature.  This fucntion is called with
    the context CTX of a sucessful verification operation and the
@@ -1262 +1284 @@
 static int show_one_sig_status (gpgme_ctx_t ctx, int idx, STATE *s)
 {
-  time_t created;
   const char *fpr, *uid;
   gpgme_key_t key = NULL;
@@ -1291 +1312 @@
         }
       
-      created = sig->timestamp;
       fpr = sig->fpr;
       sum = sig->summary;
@@ -1316 +1336 @@
       else if (err)
         {
-          state_attach_puts (_("Error getting key information: "), s);
-         state_attach_puts ( gpg_strerror (err), s );
-          state_attach_puts ("\n", s);
-         anybad = 1;
+          state_attach_puts (_("Error getting key information: "), s);
+          state_attach_puts ( gpg_strerror (err), s );
+          state_attach_puts ("\n", s);
+          anybad = 1;
         }
       else if ((sum & GPGME_SIGSUM_GREEN))
-        {
-          state_attach_puts (_("Good signature from: "), s);
-          state_attach_puts (uid, s);
-          state_attach_puts ("\n", s);
-          for (i = 1, uids = key->uids; uids; i++, uids = uids->next)
-            {
-              if (i == 1)
-                /* Skip primary UID.  */
-                continue;
-              if (uids->revoked)
-                continue;
-              state_attach_puts (_("                aka: "), s);
-              state_attach_puts (uids->uid, s);
-              state_attach_puts ("\n", s);
-            }
-          state_attach_puts (_("            created: "), s);
-          print_time (created, s);
-          state_attach_puts ("\n", s);
-          if (show_sig_summary (sum, ctx, key, idx, s, sig))
-            anywarn = 1;
-          show_one_sig_validity (ctx, idx, s);
-        }
+      {
+        state_attach_puts (_("Good signature from: "), s);
+        print_smime_keyinfo (sig, key, s);
+        state_attach_puts (_("            expires: "), s);
+        print_time (sig->exp_timestamp, s);
+        state_attach_puts ("\n", s);
+        if (show_sig_summary (sum, ctx, key, idx, s, sig))
+          anywarn = 1;
+        show_one_sig_validity (ctx, idx, s);
+      }
       else if ((sum & GPGME_SIGSUM_RED))
-        {
-          state_attach_puts (_("*BAD* signature claimed to be from: "), s);
-          state_attach_puts (uid, s);
-          state_attach_puts ("\n", s);
-          show_sig_summary (sum, ctx, key, idx, s, sig);
-        }
+      {
+        state_attach_puts (_("*BAD* signature claimed to be from: "), s);
+        print_smime_keyinfo (sig, key, s);
+        show_sig_summary (sum, ctx, key, idx, s, sig);
+      }
       else if (!anybad && key && (key->protocol == GPGME_PROTOCOL_OpenPGP))
         { /* We can't decide (yellow) but this is a PGP key with a good
@@ -1360 +1367 @@
           state_attach_puts ("\n", s);
           state_attach_puts (_("            created: "), s);
-          print_time (created, s);
+          print_time (sig->timestamp, s);
           state_attach_puts ("\n", s);
           show_one_sig_validity (ctx, idx, s);
@@ -1368 +1375 @@
         }
       else /* can't decide (yellow) */
-        {
-          state_attach_puts (_("Error checking signature"), s);
-          state_attach_puts ("\n", s);
-          show_sig_summary (sum, ctx, key, idx, s, sig);
-        }
+      {
+        state_attach_puts (_("Problem signature from: "), s);
+        print_smime_keyinfo (sig, key, s);
+        state_attach_puts (_("            expires: "), s);
+        print_time (sig->exp_timestamp, s);
+        state_attach_puts ("\n", s);
+        show_sig_summary (sum, ctx, key, idx, s, sig);
+        anywarn = 1;
+      }
 
       if (key != signature_key)