From c06127c65888ae807e77e56eea77d1e6ae5ff118 Mon Sep 17 00:00:00 2001 From: Simon Josefsson Date: Mon, 15 Jan 2001 16:54:56 +0000 Subject: [PATCH] 2001-01-15 Simon Josefsson * mml-smime.el (mml-smime-sign): Place user in customize buffer if there aren't any keys. (mml-smime-verify): If smime-CA-{file,directory} set, also try to verify certificate. Default is changed to only check integrity. Improved security status texts. If a certificate doesn't contain a email address, don't fail. * smime.el (smime-noverify-region): (smime-noverify-buffer): New functions. Verifies integrity only. --- lisp/ChangeLog | 12 ++++++++++++ lisp/mml-smime.el | 29 +++++++++++++++++++---------- lisp/smime.el | 18 ++++++++++++++++++ 3 files changed, 49 insertions(+), 10 deletions(-) diff --git a/lisp/ChangeLog b/lisp/ChangeLog index c23649dd4..68512724c 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,15 @@ +2001-01-15 Simon Josefsson + + * mml-smime.el (mml-smime-sign): Place user in customize buffer if + there aren't any keys. + (mml-smime-verify): If smime-CA-{file,directory} set, also try to + verify certificate. Default is changed to only check integrity. + Improved security status texts. If a certificate doesn't contain + a email address, don't fail. + + * smime.el (smime-noverify-region): + (smime-noverify-buffer): New functions. Verifies integrity only. + 2001-01-12 22:00:00 ShengHuo ZHU * gnus-group.el (gnus-group-sort-by-score): Reverse order. diff --git a/lisp/mml-smime.el b/lisp/mml-smime.el index 835516ab9..7ebc439a1 100644 --- a/lisp/mml-smime.el +++ b/lisp/mml-smime.el @@ -29,6 +29,9 @@ (require 'mm-decode) (defun mml-smime-sign (cont) + (when (null smime-keys) + (customize-variable 'smime-keys) + (error "No S/MIME keys configured, use customize to add your key")) (smime-sign-buffer (cdr (assq 'keyfile cont)))) (defun mml-smime-encrypt (cont) 
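Review bot: The new guard in `mml-smime-sign` tests only `smime-keys`, so it also signals the error when `cont` already carries a `keyfile` entry, which is the value actually passed to `smime-sign-buffer`. If an explicit keyfile is meant to work without a customized key list (the callee is not visible here, so this is an assumption), narrow the test to `(when (and (null smime-keys) (null (cdr (assq 'keyfile cont)))) ...)`. The function also has no docstring; one such as `"Sign using the keyfile entry of CONT; signal an error if no S/MIME keys are configured."` would record the contract.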
@@ -130,7 +133,9 @@ (when (get-buffer smime-details-buffer) (kill-buffer smime-details-buffer)) (let ((buf (current-buffer)) - (good-signature (smime-verify-buffer)) + (good-signature (smime-noverify-buffer)) + (good-certificate (and (or smime-CA-file smime-CA-directory) + (smime-verify-buffer))) addresses openssl-output) (setq openssl-output (with-current-buffer smime-details-buffer (buffer-string))) @@ -151,22 +156,26 @@ (insert-buffer-substring buf) (goto-char (point-min)) (while (re-search-forward "-----END CERTIFICATE-----" nil t) - (smime-pkcs7-email-region (point-min) (point)) - (setq addresses (append (smime-buffer-as-string-region - (point-min) (point)) addresses)) - (delete-region (point-min) (point))))) - (if (not (member mm-security-from addresses)) + (when (smime-pkcs7-email-region (point-min) (point)) + (setq addresses (append (smime-buffer-as-string-region + (point-min) (point)) addresses))) + (delete-region (point-min) (point))) + (setq addresses (mapcar 'downcase addresses)))) + (if (not (member (downcase mm-security-from) addresses)) (mm-set-handle-multipart-parameter - mm-security-handle 'gnus-info "Sender forged") - (mm-set-handle-multipart-parameter - mm-security-handle 'gnus-info "OK")) + mm-security-handle 'gnus-info "Sender address forged") + (if good-certificate + (mm-set-handle-multipart-parameter + mm-security-handle 'gnus-info "Ok (sender authenticated)") + (mm-set-handle-multipart-parameter + mm-security-handle 'gnus-info "Integrity OK (sender unknown)"))) (mm-set-handle-multipart-parameter mm-security-handle 'gnus-details (concat "Sender clamed to be: " mm-security-from "\n" (if addresses (concat "Addresses in certificate: " (mapconcat 'identity addresses ", ")) - "No addresses found in certificate.") + "No addresses found in certificate. (Requires OpenSSL 0.9.6 or later.)") "\n" "\n" "OpenSSL output:\n" "---------------\n" openssl-output "\n" diff --git a/lisp/smime.el b/lisp/smime.el index 0653b568d..33f3cf941 100644 
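Review bot: In the `@@ -130,7 +133,9 @@` hunk, `good-certificate` is nil both when no CA file or directory is configured and when `smime-verify-buffer` rejects the chain against a configured CA. The status selection later in this function maps both cases to "Integrity OK (sender unknown)", so a user who has set up trust anchors gets no indication that chain validation was attempted and failed. In that else branch, test `(or smime-CA-file smime-CA-directory)` again and report a distinct text for the failed case, for example `"Integrity OK (certificate not trusted)"`. The `let` body continues beyond this hunk, so how `good-signature` is consulted before these statuses is not visible here.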
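Review bot: In the `@@ -151,22 +156,26 @@` hunk, an empty `addresses` list still falls into the first branch, so a certificate without an e-mail address (or an OpenSSL too old to extract one, as the details text itself notes) is labelled "Sender address forged". That contradicts the commit's stated intent of not failing in this case, and false "forged" labels teach users to ignore the warning. Separately, `(downcase mm-security-from)` signals an error if `mm-security-from` is nil, which the old `member` call tolerated; whether it can be nil is not visible here. A `cond` that handles the no-address case first keeps the forged label for real mismatches.

```elisp
;; … unchanged: certificate address extraction loop …
(mm-set-handle-multipart-parameter
 mm-security-handle 'gnus-info
 (cond ((null addresses)
        ;; No address to compare against: the sender cannot be bound
        ;; to the certificate, whatever the chain check said.
        "Integrity OK (sender unknown)")
       ((not (member (downcase (or mm-security-from "")) addresses))
        "Sender address forged")
       (good-certificate "Ok (sender authenticated)")
       (t "Integrity OK (sender unknown)")))
;; … unchanged: gnus-details parameter …
```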
--- a/lisp/smime.el +++ b/lisp/smime.el @@ -260,6 +260,16 @@ nil." (message "S/MIME message NOT verified successfully.") nil))) +(defun smime-noverify-region (b e) + (let ((buffer (get-buffer-create smime-details-buffer))) + (with-current-buffer buffer + (erase-buffer)) + (if (apply 'smime-call-openssl-region b e buffer "smime" "-verify" + "-noverify" "-out" '("/dev/null")) + (message "S/MIME message verified succesfully.") + (message "S/MIME message NOT verified successfully.") + nil))) + (defun smime-decrypt-region (b e keyfile) (let ((buffer (generate-new-buffer (generate-new-buffer-name "*smime*"))) CAs) @@ -281,6 +291,14 @@ Uses current buffer if BUFFER is nil." (with-current-buffer (or buffer (current-buffer)) (smime-verify-region (point-min) (point-max)))) +(defun smime-noverify-buffer (&optional buffer) + "Verify integrity of S/MIME message in BUFFER. +Uses current buffer if BUFFER is nil. +Does NOT verify validity of certificate." + (interactive) + (with-current-buffer (or buffer (current-buffer)) + (smime-noverify-region (point-min) (point-max)))) + (defun smime-decrypt-buffer (&optional buffer keyfile) "Decrypt S/MIME message in BUFFER using KEYFILE. Uses current buffer if BUFFER is nil, queries user of KEYFILE is nil." -- 2.25.1
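Review bot: `smime-noverify-region` reuses the echo-area texts of the verifying variant, so with `-noverify` the user is told "S/MIME message verified succesfully." although the signer's certificate chain was never checked. Wording such as `(message "S/MIME signature integrity OK (certificate not verified).")` would keep the two outcomes distinguishable and also removes the "succesfully" misspelling. The function has no docstring; it should state that the result is non-nil when the OpenSSL call reports success, nil otherwise, and that certificate validity is not checked. The hard-coded `"/dev/null"` output path is also not portable to systems without that device.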