From 5d517e516255c317515c56003ca198f41be33fa2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 18 Jan 2015 12:07:09 +1600 Subject: [PATCH] Re: SMIME patches v3, with some tests --- 82/14eb937737a4a31d4a7b1f1f179b233088da41 | 202 ++++++++++++++++++++++ 1 file changed, 202 insertions(+) create mode 100644 82/14eb937737a4a31d4a7b1f1f179b233088da41 diff --git a/82/14eb937737a4a31d4a7b1f1f179b233088da41 b/82/14eb937737a4a31d4a7b1f1f179b233088da41 new file mode 100644 index 000000000..7a797db69 --- /dev/null +++ b/82/14eb937737a4a31d4a7b1f1f179b233088da41 
@@ -0,0 +1,202 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id B926A431FC2 + for ; Sat, 17 Jan 2015 12:07:17 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 0.138 +X-Spam-Level: +X-Spam-Status: No, score=0.138 tagged_above=-999 required=5 + tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_MED=-2.3] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id noUzai8X2Wlr for ; + Sat, 17 Jan 2015 12:07:14 -0800 (PST) +Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu + [131.215.239.19]) + (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id 76823431FB6 + for ; Sat, 17 Jan 2015 12:07:14 -0800 (PST) +Received: from smtp02.caltech.edu (localhost [127.0.0.1]) + by filter-return (Postfix) with ESMTP id 9DF606C02A4; + Sat, 17 Jan 2015 12:07:12 -0800 (PST) +X-Spam-Scanned: at Caltech-IMSS on smtp02.caltech.edu by amavisd-new +Received: from finestructure.net (cpe-104-173-172-86.socal.res.rr.com + [104.173.172.86]) + (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) (Authenticated sender: jrollins) + by smtp-server.its.caltech.edu (Postfix) with ESMTPSA id 0A2936C0192; + Sat, 17 Jan 2015 12:07:12 -0800 (PST) +Received: by finestructure.net (Postfix, from userid 1000) + id 94A9B60142; Sat, 17 Jan 2015 12:07:11 -0800 (PST) +From: Jameson Graef Rollins +To: David Bremner , Notmuch Mail +Subject: Re: SMIME patches v3, with some tests +In-Reply-To: <1421491906-14542-1-git-send-email-david@tethera.net> +References: <1395031944-15557-1-git-send-email-jrollins@finestructure.net> + 
<1421491906-14542-1-git-send-email-david@tethera.net> +User-Agent: Notmuch/0.19+9~gdca38d0 (http://notmuchmail.org) Emacs/24.4.1 + (x86_64-pc-linux-gnu) +Date: Sat, 17 Jan 2015 12:07:09 -0800 +Message-ID: <87wq4ltbma.fsf@servo.finestructure.net> +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="=-=-="; + micalg=pgp-sha256; protocol="application/pgp-signature" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Sat, 17 Jan 2015 20:07:17 -0000 + +--=-=-= +Content-Type: text/plain +Content-Transfer-Encoding: quoted-printable + +On Sat, Jan 17 2015, David Bremner wrote: +> Generating the certs was very much trial and error. The net of +> a thousand lies may have led me astray a bit in that it may be +> possible to do this all with gpgsm and avoid the dependency on +> openssl. On the other hand, some tests is better than no tests. + +Hey, David. Thanks so much for covering our butts and finally putting +together these tests. + +They look good to me. Unfortunately, one of the tests is failing for +me, but I'm completely perplexed as to why: + +T355-smime: Testing S/MIME signature verification and decryption + PASS Generate CA Cert + PASS Generate User Cert + PASS emacs delivery of S/MIME signed message + FAIL Signature verification (openssl) + --- T355-smime.4.OUTPUT 2015-01-17 19:06:46.806054727 +0000 + +++ T355-smime.4.EXPECTED 2015-01-17 19:06:46.806054727 +0000 + 
@@ -1,4 +1,4 @@ + Verification successful + -Content-Type: text/plain + - + -This is a test signed message. + +Content-Type: text/plain + + + +This is a test signed message. + PASS signature verification (notmuch CLI) + +?? There's visually no difference between the supposedly diff'd text. +A hd of the output files being compared shows that openssl is using a +carriage return '0d' followed by line feed '0a' for every newline, +in place of a simple line feed '0a' in the original message file: + +servo:~/src/notmuch/git [master*] 0$ hd test/tmp.T355-smime/T355-smime.4.EX= +PECTED=20 +00000000 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 |Content-Type: = +te| +00000010 78 74 2f 70 6c 61 69 6e 0a 0a 54 68 69 73 20 69 |xt/plain..This= + i| +00000020 73 20 61 20 74 65 73 74 20 73 69 67 6e 65 64 20 |s a test signe= +d | +00000030 6d 65 73 73 61 67 65 2e 0a 56 65 72 69 66 69 63 |message..Verif= +ic| +00000040 61 74 69 6f 6e 20 73 75 63 63 65 73 73 66 75 6c |ation successf= +ul| +00000050 0a |.| +00000051 +servo:~/src/notmuch/git [master*] 0$ hd test/tmp.T355-smime/T355-smime.4.OU= +TPUT=20 +00000000 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 |Content-Type: = +te| +00000010 78 74 2f 70 6c 61 69 6e 0d 0a 0d 0a 54 68 69 73 |xt/plain....Th= +is| +00000020 20 69 73 20 61 20 74 65 73 74 20 73 69 67 6e 65 | is a test sig= +ne| +00000030 64 20 6d 65 73 73 61 67 65 2e 0d 0a 56 65 72 69 |d message...Ve= +ri| +00000040 66 69 63 61 74 69 6f 6e 20 73 75 63 63 65 73 73 |fication succe= +ss| +00000050 66 75 6c 0a |ful.| +00000054 +servo:~/src/notmuch/git [master*] 0$=20 + +Bad openssl. (Daniel off stage screaming: "why aren't you using +certtool!") + +I also noticed that the "Verification successful" string is not reliably +being printed to stderr before the message output. + +Two possible patches to fix the problems are attached below. The second +is maybe slightly preferred, since it eliminates any reliance on broken +openssl message output whatsoever. 
+ +Thanks again for working on this, David. + +jamie. + + +diff --git a/test/T355-smime.sh b/test/T355-smime.sh +index 0e5fd4a..5e3ec72 100755 +=2D-- a/test/T355-smime.sh ++++ b/test/T355-smime.sh +@@ -43,7 +43,9 @@ test_expect_success 'emacs delivery of S/MIME signed mes +=20 + test_begin_subtest "Signature verification (openssl)" + notmuch show --format=3Draw subject:"test signed message 001" |\ +=2D openssl smime -verify -CAfile ca.crt >& OUTPUT ++ openssl smime -verify -CAfile ca.crt 2> OUTPUT ++notmuch show --format=3Draw subject:"test signed message 001" |\ ++ openssl smime -verify -CAfile ca.crt | tr -d '\015' >> OUTPUT + cat < EXPECTED + Verification successful + Content-Type: text/plain + + +diff --git a/test/T355-smime.sh b/test/T355-smime.sh +index 0e5fd4a..cba23e0 100755 +=2D-- a/test/T355-smime.sh ++++ b/test/T355-smime.sh +@@ -43,12 +43,9 @@ test_expect_success 'emacs delivery of S/MIME signed me +=20 + test_begin_subtest "Signature verification (openssl)" + notmuch show --format=3Draw subject:"test signed message 001" |\ +=2D openssl smime -verify -CAfile ca.crt >& OUTPUT ++ openssl smime -verify -CAfile ca.crt 2> OUTPUT + cat < EXPECTED + Verification successful +=2DContent-Type: text/plain +=2D +=2DThis is a test signed message. 
+ EOF + test_expect_equal_file OUTPUT EXPECTED +=20 + +--=-=-= +Content-Type: application/pgp-signature; name="signature.asc" + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAEBCAAGBQJUusDtAAoJEO00zqvie6q8d6MP/jIyCdqdd+KtyL8IJVc1W+OV +96Fzru7r+Woiy27UgUCjdr3Nw1WYKIZYwOz1IXJg7o5sxGof9NtppSUNQrqIQK0t +TIYHz6JqA82LgnW/fuzinLAtpHlm9iCwpJOs0vKHmAhIN4pzBZXRFe5tVhIUy1Pf +xt6zNZ0bzZK0pyqVols3moVDxAP4BI2kSDbzVY1geYa9HyIs2m5aQYRKPTmFHnC+ +M8zvL0bMsSiVisvex5GLduKwHIxl6ZvnsL2GrEfr1QDz0TrEnkh/ZDN5/s2VFKXM +maeMO7GrQw4fhmaq4ldmxJcxbqUlGND8kzvXWxwod9Wdj7QDDnGYrV3hkMFApNGj +7hhjqq2LKFsawBzegsDsgpkAFtA4mF1g/O/1kd2cpe6z3bSPD4O2aVUmFDnFEABQ +ytbf5ZdjnF+5mO59iIe3wvDD8JUWkLDd/B5Md8I4cNvxTSe7L5YTHd2PlH1gYeIi +cyryDHEJAykNv+L9vglKYw4VsEpZ6S1QhlYHERUlvBUELV7i/xKXAD9WDBXi7lSB +QxHwZz5aCm/XsCMNvSq7P32FjLX1aqGuDwD/xmb1vOOc0Xs3uORHa97R3bRlMAND +MzNhw4zHtKRU0V9NusNUbuTKIg9COAlSeVsO1x1lfRUSg04AybYMZrxXLZuzadMi +atsLuNZEFWUmnpfobM8q +=+EsY +-----END PGP SIGNATURE----- +--=-=-=-- -- 2.26.2
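Review bot: In the first embedded test/T355-smime.sh patch (index 0e5fd4a..5e3ec72), the two added pipelines verify the same message twice and each drops one stream. The first run, `openssl smime -verify -CAfile ca.crt 2> OUTPUT`, leaves stdout unredirected, so the message body goes to the test log. The second run, ending in `tr -d '\015' >> OUTPUT`, leaves stderr unredirected, so a verification failure there is not recorded in OUTPUT. Suggest a single openssl invocation that writes the verified content to a file with `-out` and stderr to OUTPUT, then appends that file through `tr -d '\015'`. The signature is then checked once, and the "Verification successful" line always precedes the body, which also addresses the stderr ordering problem described in the mail.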
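Review bot: In the second embedded test/T355-smime.sh patch (index 0e5fd4a..cba23e0), removing the `Content-Type: text/plain` and `This is a test signed message.` lines from EXPECTED leaves the subtest asserting only on the stderr string. It no longer checks that the content openssl reports as verified is the message that was signed. The changed line `openssl smime -verify -CAfile ca.crt 2> OUTPUT` also leaves stdout unredirected, so the body is printed into the test log and never compared. Suggest redirecting stdout to a separate file, normalising it with `tr -d '\015'` as the first patch does, and comparing it against the expected body in addition to the stderr check, so that the CRLF workaround does not cost the content assertion.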