Re: SMIME patches v3, with some tests

diff --git a/82/14eb937737a4a31d4a7b1f1f179b233088da41 b/82/14eb937737a4a31d4a7b1f1f179b233088da41
new file mode 100644 (file)
index 0000000..7a797db
--- /dev/null
+++ b/82/14eb937737a4a31d4a7b1f1f179b233088da41
@@ -0,0 +1,202 @@
+Return-Path: <jrollins@finestructure.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id B926A431FC2\r
+       for <notmuch@notmuchmail.org>; Sat, 17 Jan 2015 12:07:17 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0.138\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0.138 tagged_above=-999 required=5\r
+       tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_MED=-2.3]\r
+       autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id noUzai8X2Wlr for <notmuch@notmuchmail.org>;\r
+       Sat, 17 Jan 2015 12:07:14 -0800 (PST)\r
+Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu\r
+       [131.215.239.19])\r
+       (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))\r
+       (No client certificate requested)\r
+       by olra.theworths.org (Postfix) with ESMTPS id 76823431FB6\r
+       for <notmuch@notmuchmail.org>; Sat, 17 Jan 2015 12:07:14 -0800 (PST)\r
+Received: from smtp02.caltech.edu (localhost [127.0.0.1])\r
+       by filter-return (Postfix) with ESMTP id 9DF606C02A4;\r
+       Sat, 17 Jan 2015 12:07:12 -0800 (PST)\r
+X-Spam-Scanned: at Caltech-IMSS on smtp02.caltech.edu by amavisd-new\r
+Received: from finestructure.net (cpe-104-173-172-86.socal.res.rr.com\r
+       [104.173.172.86])\r
+       (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))\r
+       (No client certificate requested) (Authenticated sender: jrollins)\r
+       by smtp-server.its.caltech.edu (Postfix) with ESMTPSA id 0A2936C0192;\r
+       Sat, 17 Jan 2015 12:07:12 -0800 (PST)\r
+Received: by finestructure.net (Postfix, from userid 1000)\r
+       id 94A9B60142; Sat, 17 Jan 2015 12:07:11 -0800 (PST)\r
+From: Jameson Graef Rollins <jrollins@finestructure.net>\r
+To: David Bremner <david@tethera.net>, Notmuch Mail <notmuch@notmuchmail.org>\r
+Subject: Re: SMIME patches v3, with some tests\r
+In-Reply-To: <1421491906-14542-1-git-send-email-david@tethera.net>\r
+References: <1395031944-15557-1-git-send-email-jrollins@finestructure.net>\r
+       <1421491906-14542-1-git-send-email-david@tethera.net>\r
+User-Agent: Notmuch/0.19+9~gdca38d0 (http://notmuchmail.org) Emacs/24.4.1\r
+       (x86_64-pc-linux-gnu)\r
+Date: Sat, 17 Jan 2015 12:07:09 -0800\r
+Message-ID: <87wq4ltbma.fsf@servo.finestructure.net>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/signed; boundary="=-=-=";\r
+       micalg=pgp-sha256; protocol="application/pgp-signature"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sat, 17 Jan 2015 20:07:17 -0000\r
+\r
+--=-=-=\r
+Content-Type: text/plain\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+On Sat, Jan 17 2015, David Bremner <david@tethera.net> wrote:\r
+> Generating the certs was very much trial and error.  The net of\r
+> a thousand lies may have led me astray a bit in that it may be\r
+> possible to do this all with gpgsm and avoid the dependency on\r
+> openssl. On the other hand, some tests is better than no tests.\r
+\r
+Hey, David.  Thanks so much for covering our butts and finally putting\r
+together these tests.\r
+\r
+They look good to me.  Unfortunately, one of the tests is failing for\r
+me, but I'm completely perplexed as to why:\r
+\r
+T355-smime: Testing S/MIME signature verification and decryption\r
+ PASS   Generate CA Cert\r
+ PASS   Generate User Cert\r
+ PASS   emacs delivery of S/MIME signed message\r
+ FAIL   Signature verification (openssl)\r
+       --- T355-smime.4.OUTPUT 2015-01-17 19:06:46.806054727 +0000\r
+       +++ T355-smime.4.EXPECTED       2015-01-17 19:06:46.806054727 +0000\r
+       @@ -1,4 +1,4 @@\r
+        Verification successful\r
+       -Content-Type: text/plain\r
+       -\r
+       -This is a test signed message.\r
+       +Content-Type: text/plain\r
+       +\r
+       +This is a test signed message.\r
+ PASS   signature verification (notmuch CLI)\r
+\r
+??  There's visually no difference between the supposedly diff'd text.\r
+A hd of the output files being compared shows that openssl is using a\r
+carriage return '0d' followed by line feed '0a' for every newline,\r
+in place of a simple line feed '0a' in the original message file:\r
+\r
+servo:~/src/notmuch/git [master*] 0$ hd test/tmp.T355-smime/T355-smime.4.EX=\r
+PECTED=20\r
+00000000  43 6f 6e 74 65 6e 74 2d  54 79 70 65 3a 20 74 65  |Content-Type: =\r
+te|\r
+00000010  78 74 2f 70 6c 61 69 6e  0a 0a 54 68 69 73 20 69  |xt/plain..This=\r
+ i|\r
+00000020  73 20 61 20 74 65 73 74  20 73 69 67 6e 65 64 20  |s a test signe=\r
+d |\r
+00000030  6d 65 73 73 61 67 65 2e  0a 56 65 72 69 66 69 63  |message..Verif=\r
+ic|\r
+00000040  61 74 69 6f 6e 20 73 75  63 63 65 73 73 66 75 6c  |ation successf=\r
+ul|\r
+00000050  0a                                                |.|\r
+00000051\r
+servo:~/src/notmuch/git [master*] 0$ hd test/tmp.T355-smime/T355-smime.4.OU=\r
+TPUT=20\r
+00000000  43 6f 6e 74 65 6e 74 2d  54 79 70 65 3a 20 74 65  |Content-Type: =\r
+te|\r
+00000010  78 74 2f 70 6c 61 69 6e  0d 0a 0d 0a 54 68 69 73  |xt/plain....Th=\r
+is|\r
+00000020  20 69 73 20 61 20 74 65  73 74 20 73 69 67 6e 65  | is a test sig=\r
+ne|\r
+00000030  64 20 6d 65 73 73 61 67  65 2e 0d 0a 56 65 72 69  |d message...Ve=\r
+ri|\r
+00000040  66 69 63 61 74 69 6f 6e  20 73 75 63 63 65 73 73  |fication succe=\r
+ss|\r
+00000050  66 75 6c 0a                                       |ful.|\r
+00000054\r
+servo:~/src/notmuch/git [master*] 0$=20\r
+\r
+Bad openssl.  (Daniel off stage screaming: "why aren't you using\r
+certtool!")\r
+\r
+I also noticed that the "Verification successful" string is not reliably\r
+being printed to stderr before the message output.\r
+\r
+Two possible patches to fix the problems are attached below.  The second\r
+is maybe slightly preferred, since it eliminates any reliance on broken\r
+openssl message output whatsoever.\r
+\r
+Thanks again for working on this, David.\r
+\r
+jamie.\r
+\r
+\r
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh\r
+index 0e5fd4a..5e3ec72 100755\r
+=2D-- a/test/T355-smime.sh\r
++++ b/test/T355-smime.sh\r
+@@ -43,7 +43,9 @@ test_expect_success 'emacs delivery of S/MIME signed mes\r
+=20\r
+ test_begin_subtest "Signature verification (openssl)"\r
+ notmuch show --format=3Draw subject:"test signed message 001" |\\r
+=2D    openssl smime -verify -CAfile ca.crt >& OUTPUT\r
++    openssl smime -verify -CAfile ca.crt 2> OUTPUT\r
++notmuch show --format=3Draw subject:"test signed message 001" |\\r
++    openssl smime -verify -CAfile ca.crt | tr -d '\015' >> OUTPUT\r
+ cat <<EOF > EXPECTED\r
+ Verification successful\r
+ Content-Type: text/plain\r
+\r
+\r
+diff --git a/test/T355-smime.sh b/test/T355-smime.sh\r
+index 0e5fd4a..cba23e0 100755\r
+=2D-- a/test/T355-smime.sh\r
++++ b/test/T355-smime.sh\r
+@@ -43,12 +43,9 @@ test_expect_success 'emacs delivery of S/MIME signed me\r
+=20\r
+ test_begin_subtest "Signature verification (openssl)"\r
+ notmuch show --format=3Draw subject:"test signed message 001" |\\r
+=2D    openssl smime -verify -CAfile ca.crt >& OUTPUT\r
++    openssl smime -verify -CAfile ca.crt 2> OUTPUT\r
+ cat <<EOF > EXPECTED\r
+ Verification successful\r
+=2DContent-Type: text/plain\r
+=2D\r
+=2DThis is a test signed message.\r
+ EOF\r
+ test_expect_equal_file OUTPUT EXPECTED\r
+=20\r
+\r
+--=-=-=\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1\r
+\r
+iQIcBAEBCAAGBQJUusDtAAoJEO00zqvie6q8d6MP/jIyCdqdd+KtyL8IJVc1W+OV\r
+96Fzru7r+Woiy27UgUCjdr3Nw1WYKIZYwOz1IXJg7o5sxGof9NtppSUNQrqIQK0t\r
+TIYHz6JqA82LgnW/fuzinLAtpHlm9iCwpJOs0vKHmAhIN4pzBZXRFe5tVhIUy1Pf\r
+xt6zNZ0bzZK0pyqVols3moVDxAP4BI2kSDbzVY1geYa9HyIs2m5aQYRKPTmFHnC+\r
+M8zvL0bMsSiVisvex5GLduKwHIxl6ZvnsL2GrEfr1QDz0TrEnkh/ZDN5/s2VFKXM\r
+maeMO7GrQw4fhmaq4ldmxJcxbqUlGND8kzvXWxwod9Wdj7QDDnGYrV3hkMFApNGj\r
+7hhjqq2LKFsawBzegsDsgpkAFtA4mF1g/O/1kd2cpe6z3bSPD4O2aVUmFDnFEABQ\r
+ytbf5ZdjnF+5mO59iIe3wvDD8JUWkLDd/B5Md8I4cNvxTSe7L5YTHd2PlH1gYeIi\r
+cyryDHEJAykNv+L9vglKYw4VsEpZ6S1QhlYHERUlvBUELV7i/xKXAD9WDBXi7lSB\r
+QxHwZz5aCm/XsCMNvSq7P32FjLX1aqGuDwD/xmb1vOOc0Xs3uORHa97R3bRlMAND\r
+MzNhw4zHtKRU0V9NusNUbuTKIg9COAlSeVsO1x1lfRUSg04AybYMZrxXLZuzadMi\r
+atsLuNZEFWUmnpfobM8q\r
+=+EsY\r
+-----END PGP SIGNATURE-----\r
+--=-=-=--\r