1 Return-Path: <jani@nikula.org>
2 X-Original-To: notmuch@notmuchmail.org
3 Delivered-To: notmuch@notmuchmail.org
4 Received: from localhost (localhost [127.0.0.1])
5 by arlo.cworth.org (Postfix) with ESMTP id CCB1B6DE02D2
6 for <notmuch@notmuchmail.org>; Sat, 26 Sep 2015 04:59:03 -0700 (PDT)
7 X-Virus-Scanned: Debian amavisd-new at cworth.org
11 X-Spam-Status: No, score=-0.165 tagged_above=-999 required=5
12 tests=[AWL=-0.189, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01,
13 RCVD_IN_MSPIKE_WL=-0.01, URIBL_SBL=0.644, URIBL_SBL_A=0.1]
15 Received: from arlo.cworth.org ([127.0.0.1])
16 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
17 with ESMTP id EWWG6s_GSnTV for <notmuch@notmuchmail.org>;
18 Sat, 26 Sep 2015 04:59:02 -0700 (PDT)
19 Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com
21 by arlo.cworth.org (Postfix) with ESMTPS id 9823B6DE0298
22 for <notmuch@notmuchmail.org>; Sat, 26 Sep 2015 04:59:01 -0700 (PDT)
23 Received: by wicfx3 with SMTP id fx3so48325526wic.0
24 for <notmuch@notmuchmail.org>; Sat, 26 Sep 2015 04:59:00 -0700 (PDT)
25 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
26 d=1e100.net; s=20130820;
27 h=x-gm-message-state:from:to:subject:in-reply-to:references
28 :user-agent:date:message-id:mime-version:content-type;
38 X-Received: by 10.194.110.37 with SMTP id hx5mr11554063wjb.149.1443268739965;
39 Sat, 26 Sep 2015 04:58:59 -0700 (PDT)
40 Received: from localhost (mobile-access-bcee63-221.dhcp.inet.fi.
42 by smtp.gmail.com with ESMTPSA id lm3sm8039209wjc.39.2015.09.26.04.58.59
43 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
44 Sat, 26 Sep 2015 04:58:59 -0700 (PDT)
45 From: Jani Nikula <jani@nikula.org>
46 To: David Bremner <david@tethera.net>, notmuch@notmuchmail.org
47 Subject: Re: [PATCH 6/8] cli: crypto: S/MIME verification support
48 In-Reply-To: <1439746876-23654-7-git-send-email-david@tethera.net>
49 References: <54CA467B.30408@gnome.org>
50 <1439746876-23654-1-git-send-email-david@tethera.net>
51 <1439746876-23654-7-git-send-email-david@tethera.net>
52 User-Agent: Notmuch/0.20.2+66~gb33abd9 (http://notmuchmail.org) Emacs/24.4.1
53 (x86_64-pc-linux-gnu)
54 Date: Sat, 26 Sep 2015 14:58:41 +0300
55 Message-ID: <87bncpmlxq.fsf@nikula.org>
57 Content-Type: text/plain
58 X-BeenThere: notmuch@notmuchmail.org
59 X-Mailman-Version: 2.1.18
61 List-Id: "Use and development of the notmuch mail system."
62 <notmuch.notmuchmail.org>
63 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
64 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
65 List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
66 List-Post: <mailto:notmuch@notmuchmail.org>
67 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
68 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
69 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
70 X-List-Received-Date: Sat, 26 Sep 2015 11:59:03 -0000
72 On Sun, 16 Aug 2015, David Bremner <david@tethera.net> wrote:
73 > From: Jani Nikula <jani@nikula.org>
75 > notmuch-show --verify will now also process S/MIME multiparts if
76 > encountered. Requires gmime-2.6 and gpgsm.
78 > Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.
80 > crypto.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
81 > notmuch-client.h | 7 +++++--
82 > test/T355-smime.sh | 1 -
83 > 3 files changed, 55 insertions(+), 3 deletions(-)
85 > diff --git a/crypto.c b/crypto.c
86 > index 11c167e..ce683d2 100644
89 > @@ -43,6 +43,51 @@ create_gpg_context (notmuch_crypto_t *crypto)
93 > +/* Create a PKCS7 context (GMime 2.6) */
94 > +static notmuch_crypto_context_t *
95 > +create_pkcs7_context (notmuch_crypto_t *crypto)
97 > + notmuch_crypto_context_t *pkcs7ctx;
99 > + if (crypto->pkcs7ctx)
100 > + return crypto->pkcs7ctx;
102 > + /* TODO: GMimePasswordRequestFunc */
103 > + pkcs7ctx = g_mime_pkcs7_context_new (NULL);
104 > + if (! pkcs7ctx) {
105 > + fprintf (stderr, "Failed to construct pkcs7 context.\n");
108 > + crypto->pkcs7ctx = pkcs7ctx;
110 > + g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,
113 > + return pkcs7ctx;
116 > +static const struct {
117 > + const char *protocol;
118 > + notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);
119 > +} protocols[] = {
121 > + .protocol = "application/pgp-signature",
122 > + .get_context = create_gpg_context,
125 > + .protocol = "application/pgp-encrypted",
126 > + .get_context = create_gpg_context,
129 > + .protocol = "application/pkcs7-signature",
130 > + .get_context = create_pkcs7_context,
133 > + .protocol = "application/x-pkcs7-signature",
134 > + .get_context = create_pkcs7_context,
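Review bot: In create_pkcs7_context, the g_mime_pkcs7_context_set_always_trust call should carry a comment stating which trust setting is chosen and why; its second argument sits on a line not shown in this quote, and for a context created for --verify that setting affects how signatures from keys that are not otherwise trusted are treated. The TODO above g_mime_pkcs7_context_new (NULL) could also say that no password request function is needed for verification, so a later reader does not take the NULL for an oversight.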
138 The array itself should be added in patch 2 as it depends on it, and
139 this patch should only add the pkcs7 ones. I guess this got broken at
147 > /* for the specified protocol return the context pointer (initializing
149 > notmuch_crypto_context_t *
150 > @@ -81,5 +126,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)
151 > crypto->gpgctx = NULL;
154 > + if (crypto->pkcs7ctx) {
155 > + g_object_unref (crypto->pkcs7ctx);
156 > + crypto->pkcs7ctx = NULL;
161 > diff --git a/notmuch-client.h b/notmuch-client.h
162 > index 1f82656..774b620 100644
163 > --- a/notmuch-client.h
164 > +++ b/notmuch-client.h
165 > @@ -31,6 +31,8 @@
166 > #include <gmime/gmime.h>
168 > typedef GMimeCryptoContext notmuch_crypto_context_t;
169 > +/* This is automatically included only since gmime 2.6.10 */
170 > +#include <gmime/gmime-pkcs7-context.h>
172 > #include "notmuch.h"
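Review bot: The new #include <gmime/gmime-pkcs7-context.h> lands after the notmuch_crypto_context_t typedef rather than next to #include <gmime/gmime.h>; keeping the two GMime includes together would read better. The comment says the header is pulled in automatically only since gmime 2.6.10 while the commit message asks for gmime-2.6, so it would help to state the minimum 2.6.x release the explicit include is meant to cover.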
174 > @@ -69,6 +71,7 @@ typedef struct notmuch_show_format {
176 > typedef struct notmuch_crypto {
177 > notmuch_crypto_context_t* gpgctx;
178 > + notmuch_crypto_context_t* pkcs7ctx;
179 > notmuch_bool_t verify;
180 > notmuch_bool_t decrypt;
181 > const char *gpgpath;
182 > @@ -406,8 +409,8 @@ struct mime_node {
183 > /* Construct a new MIME node pointing to the root message part of
184 > * message. If crypto->verify is true, signed child parts will be
185 > * verified. If crypto->decrypt is true, encrypted child parts will be
186 > - * decrypted. If crypto->gpgctx is NULL, it will be lazily
188 > + * decrypted. If the crypto contexts (crypto->gpgctx or
189 > + * crypto->pkcs7) are NULL, they will be lazily initialized.
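Review bot: The updated comment names crypto->pkcs7, but the field added to struct notmuch_crypto in the previous hunk is pkcs7ctx; the comment should read crypto->pkcs7ctx so it matches the struct.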
193 > diff --git a/test/T355-smime.sh b/test/T355-smime.sh
194 > index b3cc76e..caedf5e 100755
195 > --- a/test/T355-smime.sh
196 > +++ b/test/T355-smime.sh
197 > @@ -56,7 +56,6 @@ EOF
198 > test_expect_equal_file OUTPUT EXPECTED
200 > test_begin_subtest "signature verification (notmuch CLI)"
201 > -test_subtest_known_broken
202 > output=$(notmuch show --format=json --verify subject:"test signed message 001" \
203 > | notmuch_json_show_sanitize \
204 > | sed -e 's|"created": [1234567890]*|"created": 946728000|' \