1 Return-Path: <jrollins@finestructure.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id B926A431FC2
\r
6 for <notmuch@notmuchmail.org>; Sat, 17 Jan 2015 12:07:17 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=0.138 tagged_above=-999 required=5
\r
12 tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_MED=-2.3]
\r
14 Received: from olra.theworths.org ([127.0.0.1])
\r
15 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
16 with ESMTP id noUzai8X2Wlr for <notmuch@notmuchmail.org>;
\r
17 Sat, 17 Jan 2015 12:07:14 -0800 (PST)
\r
18 Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu
\r
20 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\r
21 (No client certificate requested)
\r
22 by olra.theworths.org (Postfix) with ESMTPS id 76823431FB6
\r
23 for <notmuch@notmuchmail.org>; Sat, 17 Jan 2015 12:07:14 -0800 (PST)
\r
24 Received: from smtp02.caltech.edu (localhost [127.0.0.1])
\r
25 by filter-return (Postfix) with ESMTP id 9DF606C02A4;
\r
26 Sat, 17 Jan 2015 12:07:12 -0800 (PST)
\r
27 X-Spam-Scanned: at Caltech-IMSS on smtp02.caltech.edu by amavisd-new
\r
28 Received: from finestructure.net (cpe-104-173-172-86.socal.res.rr.com
\r
30 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\r
31 (No client certificate requested) (Authenticated sender: jrollins)
\r
32 by smtp-server.its.caltech.edu (Postfix) with ESMTPSA id 0A2936C0192;
\r
33 Sat, 17 Jan 2015 12:07:12 -0800 (PST)
\r
34 Received: by finestructure.net (Postfix, from userid 1000)
\r
35 id 94A9B60142; Sat, 17 Jan 2015 12:07:11 -0800 (PST)
\r
36 From: Jameson Graef Rollins <jrollins@finestructure.net>
\r
37 To: David Bremner <david@tethera.net>, Notmuch Mail <notmuch@notmuchmail.org>
\r
38 Subject: Re: SMIME patches v3, with some tests
\r
39 In-Reply-To: <1421491906-14542-1-git-send-email-david@tethera.net>
\r
40 References: <1395031944-15557-1-git-send-email-jrollins@finestructure.net>
\r
41 <1421491906-14542-1-git-send-email-david@tethera.net>
\r
42 User-Agent: Notmuch/0.19+9~gdca38d0 (http://notmuchmail.org) Emacs/24.4.1
\r
43 (x86_64-pc-linux-gnu)
\r
44 Date: Sat, 17 Jan 2015 12:07:09 -0800
\r
45 Message-ID: <87wq4ltbma.fsf@servo.finestructure.net>
\r
47 Content-Type: multipart/signed; boundary="=-=-=";
\r
48 micalg=pgp-sha256; protocol="application/pgp-signature"
\r
49 X-BeenThere: notmuch@notmuchmail.org
\r
50 X-Mailman-Version: 2.1.13
\r
52 List-Id: "Use and development of the notmuch mail system."
\r
53 <notmuch.notmuchmail.org>
\r
54 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
55 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
56 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
57 List-Post: <mailto:notmuch@notmuchmail.org>
\r
58 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
59 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
60 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
61 X-List-Received-Date: Sat, 17 Jan 2015 20:07:17 -0000
\r
64 Content-Type: text/plain
\r
65 Content-Transfer-Encoding: quoted-printable
\r
67 On Sat, Jan 17 2015, David Bremner <david@tethera.net> wrote:
\r
68 > Generating the certs was very much trial and error. The net of
\r
69 > a thousand lies may have led me astray a bit in that it may be
\r
70 > possible to do this all with gpgsm and avoid the dependency on
\r
71 > openssl. On the other hand, some tests is better than no tests.
\r
73 Hey, David. Thanks so much for covering our butts and finally putting
\r
74 together these tests.
\r
76 They look good to me. Unfortunately, one of the tests is failing for
\r
77 me, but I'm completely perplexed as to why:
\r
79 T355-smime: Testing S/MIME signature verification and decryption
\r
80 PASS Generate CA Cert
\r
81 PASS Generate User Cert
\r
82 PASS emacs delivery of S/MIME signed message
\r
83 FAIL Signature verification (openssl)
\r
84 --- T355-smime.4.OUTPUT 2015-01-17 19:06:46.806054727 +0000
\r
85 +++ T355-smime.4.EXPECTED 2015-01-17 19:06:46.806054727 +0000
\r
87 Verification successful
\r
88 -Content-Type: text/plain
\r
90 -This is a test signed message.
\r
91 +Content-Type: text/plain
\r
93 +This is a test signed message.
\r
94 PASS signature verification (notmuch CLI)
\r
96 ?? There's visually no difference between the supposedly diff'd text.
\r
97 A hd of the output files being compared shows that openssl is using a
\r
98 carriage return '0d' followed by line feed '0a' for every newline,
\r
99 in place of a simple line feed '0a' in the original message file:
\r
101 servo:~/src/notmuch/git [master*] 0$ hd test/tmp.T355-smime/T355-smime.4.EX=
\r
103 00000000 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 |Content-Type: =
\r
105 00000010 78 74 2f 70 6c 61 69 6e 0a 0a 54 68 69 73 20 69 |xt/plain..This=
\r
107 00000020 73 20 61 20 74 65 73 74 20 73 69 67 6e 65 64 20 |s a test signe=
\r
109 00000030 6d 65 73 73 61 67 65 2e 0a 56 65 72 69 66 69 63 |message..Verif=
\r
111 00000040 61 74 69 6f 6e 20 73 75 63 63 65 73 73 66 75 6c |ation successf=
\r
115 servo:~/src/notmuch/git [master*] 0$ hd test/tmp.T355-smime/T355-smime.4.OU=
\r
117 00000000 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 |Content-Type: =
\r
119 00000010 78 74 2f 70 6c 61 69 6e 0d 0a 0d 0a 54 68 69 73 |xt/plain....Th=
\r
121 00000020 20 69 73 20 61 20 74 65 73 74 20 73 69 67 6e 65 | is a test sig=
\r
123 00000030 64 20 6d 65 73 73 61 67 65 2e 0d 0a 56 65 72 69 |d message...Ve=
\r
125 00000040 66 69 63 61 74 69 6f 6e 20 73 75 63 63 65 73 73 |fication succe=
\r
127 00000050 66 75 6c 0a |ful.|
\r
129 servo:~/src/notmuch/git [master*] 0$=20
\r
131 Bad openssl. (Daniel off stage screaming: "why aren't you using
\r
134 I also noticed that the "Verification successful" string is not reliably
\r
135 being printed to stderr before the message output.
\r
137 Two possible patches to fix the problems are attached below. The second
\r
138 is maybe slightly preferred, since it eliminates any reliance on broken
\r
139 openssl message output whatsoever.
\r
141 Thanks again for working on this, David.
\r
146 diff --git a/test/T355-smime.sh b/test/T355-smime.sh
\r
147 index 0e5fd4a..5e3ec72 100755
\r
148 =2D-- a/test/T355-smime.sh
\r
149 +++ b/test/T355-smime.sh
\r
150 @@ -43,7 +43,9 @@ test_expect_success 'emacs delivery of S/MIME signed mes
\r
152 test_begin_subtest "Signature verification (openssl)"
\r
153 notmuch show --format=3Draw subject:"test signed message 001" |\
\r
154 =2D openssl smime -verify -CAfile ca.crt >& OUTPUT
\r
155 + openssl smime -verify -CAfile ca.crt 2> OUTPUT
\r
156 +notmuch show --format=3Draw subject:"test signed message 001" |\
\r
157 + openssl smime -verify -CAfile ca.crt | tr -d '\015' >> OUTPUT
\r
158 cat <<EOF > EXPECTED
\r
159 Verification successful
\r
160 Content-Type: text/plain
\r
163 diff --git a/test/T355-smime.sh b/test/T355-smime.sh
\r
164 index 0e5fd4a..cba23e0 100755
\r
165 =2D-- a/test/T355-smime.sh
\r
166 +++ b/test/T355-smime.sh
\r
167 @@ -43,12 +43,9 @@ test_expect_success 'emacs delivery of S/MIME signed me
\r
169 test_begin_subtest "Signature verification (openssl)"
\r
170 notmuch show --format=3Draw subject:"test signed message 001" |\
\r
171 =2D openssl smime -verify -CAfile ca.crt >& OUTPUT
\r
172 + openssl smime -verify -CAfile ca.crt 2> OUTPUT
\r
173 cat <<EOF > EXPECTED
\r
174 Verification successful
\r
175 =2DContent-Type: text/plain
\r
177 =2DThis is a test signed message.
\r
179 test_expect_equal_file OUTPUT EXPECTED
\r
183 Content-Type: application/pgp-signature; name="signature.asc"
\r
185 -----BEGIN PGP SIGNATURE-----
\r
188 iQIcBAEBCAAGBQJUusDtAAoJEO00zqvie6q8d6MP/jIyCdqdd+KtyL8IJVc1W+OV
\r
189 96Fzru7r+Woiy27UgUCjdr3Nw1WYKIZYwOz1IXJg7o5sxGof9NtppSUNQrqIQK0t
\r
190 TIYHz6JqA82LgnW/fuzinLAtpHlm9iCwpJOs0vKHmAhIN4pzBZXRFe5tVhIUy1Pf
\r
191 xt6zNZ0bzZK0pyqVols3moVDxAP4BI2kSDbzVY1geYa9HyIs2m5aQYRKPTmFHnC+
\r
192 M8zvL0bMsSiVisvex5GLduKwHIxl6ZvnsL2GrEfr1QDz0TrEnkh/ZDN5/s2VFKXM
\r
193 maeMO7GrQw4fhmaq4ldmxJcxbqUlGND8kzvXWxwod9Wdj7QDDnGYrV3hkMFApNGj
\r
194 7hhjqq2LKFsawBzegsDsgpkAFtA4mF1g/O/1kd2cpe6z3bSPD4O2aVUmFDnFEABQ
\r
195 ytbf5ZdjnF+5mO59iIe3wvDD8JUWkLDd/B5Md8I4cNvxTSe7L5YTHd2PlH1gYeIi
\r
196 cyryDHEJAykNv+L9vglKYw4VsEpZ6S1QhlYHERUlvBUELV7i/xKXAD9WDBXi7lSB
\r
197 QxHwZz5aCm/XsCMNvSq7P32FjLX1aqGuDwD/xmb1vOOc0Xs3uORHa97R3bRlMAND
\r
198 MzNhw4zHtKRU0V9NusNUbuTKIg9COAlSeVsO1x1lfRUSg04AybYMZrxXLZuzadMi
\r
199 atsLuNZEFWUmnpfobM8q
\r
201 -----END PGP SIGNATURE-----
\r