Revision: miles@gnu.org--gnu-2005/gnus--devo--0--patch-37

[gnus] / lisp / smime.el

diff --git a/lisp/smime.el b/lisp/smime.el
index 7dc6b52..68eb030 100644 (file)
--- a/lisp/smime.el
+++ b/lisp/smime.el
@@ -119,7 +119,6 @@
 ;;; Code:
 
 (require 'dig)
-(require 'comint)
 (eval-when-compile (require 'cl))
 
 (defgroup smime nil
@@ -151,6 +150,7 @@ certificate."
 (defcustom smime-CA-file nil
   "*Files containing certificates for CAs you trust.
 File should contain certificates in PEM format."
+  :version "22.1"
   :type '(choice (const :tag "none" nil)
                 file)
   :group 'smime)
@@ -178,6 +178,7 @@ and the files themself should be in PEM format."
 
 (defcustom smime-encrypt-cipher "-des3"
   "*Cipher algorithm used for encryption."
+  :version "22.1"
   :type '(choice (const :tag "Triple DES" "-des3")
                 (const :tag "DES"  "-des")
                 (const :tag "RC2 40 bits" "-rc2-40")
@@ -185,9 +186,31 @@ and the files themself should be in PEM format."
                 (const :tag "RC2 128 bits" "-rc2-128"))
   :group 'smime)
 
+(defcustom smime-crl-check nil
+  "*Check revocation status of signers certificate using CRLs.
+Enabling this will have OpenSSL check the signers certificate
+against a certificate revocation list (CRL).
+
+For this to work the CRL must be up-to-date and since they are
+normally updated quite often (ie. several times a day) you
+probably need some tool to keep them up-to-date. Unfortunately
+Gnus cannot do this for you.
+
+The CRL should either be appended (in PEM format) to your
+`smime-CA-file' or be located in a file (also in PEM format) in
+your `smime-certificate-directory' named to the X.509 hash of the
+certificate with .r0 as file name extension.
+
+At least OpenSSL version 0.9.7 is required for this to work."
+  :type '(choice (const :tag "No check" nil)
+                (const :tag "Check certificate" "-crl_check")
+                (const :tag "Check certificate chain" "-crl_check_all"))
+  :group 'smime)
+
 (defcustom smime-dns-server nil
   "*DNS server to query certificates from.
 If nil, use system defaults."
+  :version "22.1"
   :type '(choice (const :tag "System defaults")
                 string)
   :group 'smime)
@@ -211,8 +234,8 @@ If nil, use system defaults."
 (defun smime-ask-passphrase ()
   "Asks the passphrase to unlock the secret key."
   (let ((passphrase
-        (comint-read-noecho
-         "Passphrase for secret key (RET for no passphrase): " t)))
+        (read-passwd
+         "Passphrase for secret key (RET for no passphrase): ")))
     (if (string= passphrase "")
        nil
       passphrase)))
@@ -349,6 +372,8 @@ Any details (stdout and stderr) are left in the buffer specified by
                               (expand-file-name smime-CA-directory))))))
     (unless CAs
       (error "No CA configured"))
+    (if smime-crl-check
+       (add-to-list 'CAs smime-crl-check))
     (if (apply 'smime-call-openssl-region b e (list smime-details-buffer t)
               "smime" "-verify" "-out" "/dev/null" CAs)
        t
@@ -490,20 +515,13 @@ A string or a list of strings is returned."
            (caddr curkey)
          (smime-get-certfiles keyfile otherkeys)))))
 
-;; Use mm-util?
-(eval-and-compile
-  (defalias 'smime-point-at-eol
-    (if (fboundp 'point-at-eol)
-       'point-at-eol
-      'line-end-position)))
-
 (defun smime-buffer-as-string-region (b e)
   "Return each line in region between B and E as a list of strings."
   (save-excursion
     (goto-char b)
     (let (res)
       (while (< (point) e)
-       (let ((str (buffer-substring (point) (smime-point-at-eol))))
+       (let ((str (buffer-substring (point) (point-at-eol))))
          (unless (string= "" str)
            (push str res)))
        (forward-line))
@@ -618,4 +636,5 @@ The following commands are available:
 
 (provide 'smime)
 
+;;; arch-tag: e3f9b938-5085-4510-8a11-6625269c9a9e
 ;;; smime.el ends here