--- /dev/null
+Return-Path: <bremner@tethera.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 61C156DE15A1\r
+ for <notmuch@notmuchmail.org>; Mon, 14 Dec 2015 05:39:13 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.314\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.314 tagged_above=-999 required=5 tests=[AWL=0.237,\r
+ RP_MATCHES_RCVD=-0.55, SPF_PASS=-0.001] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id AyJOZUz0r1il for <notmuch@notmuchmail.org>;\r
+ Mon, 14 Dec 2015 05:39:11 -0800 (PST)\r
+Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197])\r
+ by arlo.cworth.org (Postfix) with ESMTPS id 315BF6DE0A4A\r
+ for <notmuch@notmuchmail.org>; Mon, 14 Dec 2015 05:39:10 -0800 (PST)\r
+Received: from remotemail by fethera.tethera.net with local (Exim 4.84)\r
+ (envelope-from <bremner@tethera.net>)\r
+ id 1a8TLF-0008Ed-Eq; Mon, 14 Dec 2015 08:39:05 -0500\r
+Received: (nullmailer pid 31806 invoked by uid 1000);\r
+ Mon, 14 Dec 2015 13:39:05 -0000\r
+From: David Bremner <david@tethera.net>\r
+To: notmuch@notmuchmail.org\r
+Subject: [Patch v3 6/8] cli: crypto: S/MIME verification support\r
+Date: Mon, 14 Dec 2015 09:38:55 -0400\r
+Message-Id: <1450100337-31655-7-git-send-email-david@tethera.net>\r
+X-Mailer: git-send-email 2.6.2\r
+In-Reply-To: <1450100337-31655-1-git-send-email-david@tethera.net>\r
+References: <1450100337-31655-1-git-send-email-david@tethera.net>\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.20\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 14 Dec 2015 13:39:13 -0000\r
+\r
+From: Jani Nikula <jani@nikula.org>\r
+\r
+notmuch-show --verify will now also process S/MIME multiparts if\r
+encountered. Requires gmime-2.6 and gpgsm.\r
+\r
+Based on work by Jameson Graef Rollins <jrollins@finestructure.net>.\r
+---\r
+ crypto.c | 35 +++++++++++++++++++++++++++++++++++\r
+ notmuch-client.h | 7 +++++--\r
+ test/T355-smime.sh | 1 -\r
+ 3 files changed, 40 insertions(+), 3 deletions(-)\r
+\r
+diff --git a/crypto.c b/crypto.c\r
+index feae949..3dabc97 100644\r
+--- a/crypto.c\r
++++ b/crypto.c\r
+@@ -43,6 +43,28 @@ create_gpg_context (notmuch_crypto_t *crypto)\r
+ return gpgctx;\r
+ }\r
+ \r
++/* Create a PKCS7 context (GMime 2.6) */\r
++static notmuch_crypto_context_t *\r
++create_pkcs7_context (notmuch_crypto_t *crypto)\r
++{\r
++ notmuch_crypto_context_t *pkcs7ctx;\r
++\r
++ if (crypto->pkcs7ctx)\r
++ return crypto->pkcs7ctx;\r
++\r
++ /* TODO: GMimePasswordRequestFunc */\r
++ pkcs7ctx = g_mime_pkcs7_context_new (NULL);\r
++ if (! pkcs7ctx) {\r
++ fprintf (stderr, "Failed to construct pkcs7 context.\n");\r
++ return NULL;\r
++ }\r
++ crypto->pkcs7ctx = pkcs7ctx;\r
++\r
++ g_mime_pkcs7_context_set_always_trust ((GMimePkcs7Context *) pkcs7ctx,\r
++ FALSE);\r
++\r
++ return pkcs7ctx;\r
++}\r
+ static const struct {\r
+ const char *protocol;\r
+ notmuch_crypto_context_t *(*get_context) (notmuch_crypto_t *crypto);\r
+@@ -55,6 +77,14 @@ static const struct {\r
+ .protocol = "application/pgp-encrypted",\r
+ .get_context = create_gpg_context,\r
+ },\r
++ {\r
++ .protocol = "application/pkcs7-signature",\r
++ .get_context = create_pkcs7_context,\r
++ },\r
++ {\r
++ .protocol = "application/x-pkcs7-signature",\r
++ .get_context = create_pkcs7_context,\r
++ },\r
+ };\r
+ \r
+ /* for the specified protocol return the context pointer (initializing\r
+@@ -95,5 +125,10 @@ notmuch_crypto_cleanup (notmuch_crypto_t *crypto)\r
+ crypto->gpgctx = NULL;\r
+ }\r
+ \r
++ if (crypto->pkcs7ctx) {\r
++ g_object_unref (crypto->pkcs7ctx);\r
++ crypto->pkcs7ctx = NULL;\r
++ }\r
++\r
+ return 0;\r
+ }\r
+diff --git a/notmuch-client.h b/notmuch-client.h\r
+index 3bd2903..18e6c60 100644\r
+--- a/notmuch-client.h\r
++++ b/notmuch-client.h\r
+@@ -31,6 +31,8 @@\r
+ #include <gmime/gmime.h>\r
+ \r
+ typedef GMimeCryptoContext notmuch_crypto_context_t;\r
++/* This is automatically included only since gmime 2.6.10 */\r
++#include <gmime/gmime-pkcs7-context.h>\r
+ \r
+ #include "notmuch.h"\r
+ \r
+@@ -70,6 +72,7 @@ typedef struct notmuch_show_format {\r
+ \r
+ typedef struct notmuch_crypto {\r
+ notmuch_crypto_context_t* gpgctx;\r
++ notmuch_crypto_context_t* pkcs7ctx;\r
+ notmuch_bool_t verify;\r
+ notmuch_bool_t decrypt;\r
+ const char *gpgpath;\r
+@@ -407,8 +410,8 @@ struct mime_node {\r
+ /* Construct a new MIME node pointing to the root message part of\r
+ * message. If crypto->verify is true, signed child parts will be\r
+ * verified. If crypto->decrypt is true, encrypted child parts will be\r
+- * decrypted. If crypto->gpgctx is NULL, it will be lazily\r
+- * initialized.\r
++ * decrypted. If the crypto contexts (crypto->gpgctx or\r
++ * crypto->pkcs7) are NULL, they will be lazily initialized.\r
+ *\r
+ * Return value:\r
+ *\r
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh\r
+index 70a8287..47e3e94 100755\r
+--- a/test/T355-smime.sh\r
++++ b/test/T355-smime.sh\r
+@@ -44,7 +44,6 @@ EOF\r
+ test_expect_equal_file EXPECTED OUTPUT\r
+ \r
+ test_begin_subtest "signature verification (notmuch CLI)"\r
+-test_subtest_known_broken\r
+ output=$(notmuch show --format=json --verify subject:"test signed message 001" \\r
+ | notmuch_json_show_sanitize \\r
+ | sed -e 's|"created": [-1234567890]*|"created": 946728000|' \\r
+-- \r
+2.6.2\r
+\r