;;; mml-smime.el --- S/MIME support for MML
-;; Copyright (c) 2000 Free Software Foundation, Inc.
+;; Copyright (c) 2000, 2001, 2003 Free Software Foundation, Inc.
;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: Gnus, MIME, S/MIME, MML
-;; This file is a part of GNU Emacs.
+;; This file is part of GNU Emacs.
;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published
(require 'smime)
(require 'mm-decode)
+(autoload 'message-narrow-to-headers "message")
(defun mml-smime-sign (cont)
(when (null smime-keys)
(customize-variable 'smime-keys)
(error "No S/MIME keys configured, use customize to add your key"))
- (smime-sign-buffer (cdr (assq 'keyfile cont))))
+ (smime-sign-buffer (cdr (assq 'keyfile cont)))
+ (goto-char (point-max)))
(defun mml-smime-encrypt (cont)
(let (certnames certfiles tmp file tmpfiles)
(if (not (and (not (file-exists-p tmp))
(get-buffer tmp)))
(push tmp certfiles)
- (setq file (make-temp-name mm-tmp-directory))
+ (setq file (mm-make-temp-file (expand-file-name "mml."
+ mm-tmp-directory)))
(with-current-buffer tmp
(write-region (point-min) (point-max) file))
(push file certfiles)
t)
(while (setq tmp (pop tmpfiles))
(delete-file tmp))
- nil)))
+ nil))
+ (goto-char (point-max)))
(defun mml-smime-sign-query ()
;; query information (what certificate) from user when MML tag is
(smime-get-key-by-email
(completing-read "Sign this part with what signature? "
smime-keys nil nil
- (and (listp (car-safe smime-keys))
+ (and (listp (car-safe smime-keys))
(caar smime-keys))))))))
(defun mml-smime-get-file-cert ()
(while (not result)
(setq who (read-from-minibuffer
(format "%sLookup certificate for: " (or bad ""))
- (cadr (funcall gnus-extract-address-components
+ (cadr (funcall gnus-extract-address-components
(or (save-excursion
(save-restriction
(message-narrow-to-headers)
;; todo: try dns/ldap automatically first, before prompting user
(let (certs done)
(while (not done)
- (ecase (read (gnus-completing-read "dns" "Fetch certificate from"
- '(("dns") ("file")) nil t))
+ (ecase (read (gnus-completing-read-with-default
+ "dns" "Fetch certificate from"
+ '(("dns") ("file")) nil t))
(dns (setq certs (append certs
(mml-smime-get-dns-cert))))
(file (setq certs (append certs
(defun mml-smime-verify (handle ctl)
(with-temp-buffer
- (insert-buffer (mm-handle-multipart-original-buffer ctl))
+ (insert-buffer-substring (mm-handle-multipart-original-buffer ctl))
(goto-char (point-min))
(insert (format "Content-Type: %s; " (mm-handle-media-type ctl)))
- (insert (format "protocol=\"%s\"; "
+ (insert (format "protocol=\"%s\"; "
(mm-handle-multipart-ctl-parameter ctl 'protocol)))
- (insert (format "micalg=\"%s\"; "
+ (insert (format "micalg=\"%s\"; "
(mm-handle-multipart-ctl-parameter ctl 'micalg)))
(insert (format "boundary=\"%s\"\n\n"
(mm-handle-multipart-ctl-parameter ctl 'boundary)))
(if (not good-signature)
(progn
;; we couldn't verify message, fail with openssl output as message
- (mm-set-handle-multipart-parameter
+ (mm-set-handle-multipart-parameter
mm-security-handle 'gnus-info "Failed")
(mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-details
- (concat "OpenSSL failed to verify message:\n"
- "---------------------------------\n"
+ mm-security-handle 'gnus-details
+ (concat "OpenSSL failed to verify message integrity:\n"
+ "-------------------------------------------\n"
openssl-output)))
;; verify mail addresses in mail against those in certificate
(when (and (smime-pkcs7-region (point-min) (point-max))
(point-min) (point)) addresses)))
(delete-region (point-min) (point)))
(setq addresses (mapcar 'downcase addresses))))
- (if (not (member (downcase mm-security-from) addresses))
- (mm-set-handle-multipart-parameter
+ (if (not (member (downcase (or (mm-handle-multipart-from ctl) "")) addresses))
+ (mm-set-handle-multipart-parameter
mm-security-handle 'gnus-info "Sender address forged")
(if good-certificate
- (mm-set-handle-multipart-parameter
+ (mm-set-handle-multipart-parameter
mm-security-handle 'gnus-info "Ok (sender authenticated)")
(mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-info "Integrity OK (sender unknown)")))
+ mm-security-handle 'gnus-info "Ok (sender not trusted)")))
(mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-details
- (concat "Sender clamed to be: " mm-security-from "\n"
+ mm-security-handle 'gnus-details
+ (concat "Sender claimed to be: " (mm-handle-multipart-from ctl) "\n"
(if addresses
- (concat "Addresses in certificate: "
+ (concat "Addresses in certificate: "
(mapconcat 'identity addresses ", "))
"No addresses found in certificate. (Requires OpenSSL 0.9.6 or later.)")
- "\n" "\n"
- "OpenSSL output:\n"
+ "\n" "\n"
+ "OpenSSL output:\n"
"---------------\n" openssl-output "\n"
"Certificate(s) inside S/MIME signature:\n"
"---------------------------------------\n"