+2001-01-15 Simon Josefsson <simon@josefsson.org>
+
+ * mml-smime.el (mml-smime-sign): Place user in customize buffer if
+ there aren't any keys.
+ (mml-smime-verify): If smime-CA-{file,directory} set, also try to
+ verify certificate. Default is changed to only check integrity.
+ Improved security status texts. If a certificate doesn't contain
+ a email address, don't fail.
+
+ * smime.el (smime-noverify-region):
+ (smime-noverify-buffer): New functions. Verifies integrity only.
+
2001-01-12 22:00:00 ShengHuo ZHU <zsh@cs.rochester.edu>
* gnus-group.el (gnus-group-sort-by-score): Reverse order.
(require 'mm-decode)
(defun mml-smime-sign (cont)
+ (when (null smime-keys)
+ (customize-variable 'smime-keys)
+ (error "No S/MIME keys configured, use customize to add your key"))
(smime-sign-buffer (cdr (assq 'keyfile cont))))
(defun mml-smime-encrypt (cont)
(when (get-buffer smime-details-buffer)
(kill-buffer smime-details-buffer))
(let ((buf (current-buffer))
- (good-signature (smime-verify-buffer))
+ (good-signature (smime-noverify-buffer))
+ (good-certificate (and (or smime-CA-file smime-CA-directory)
+ (smime-verify-buffer)))
addresses openssl-output)
(setq openssl-output (with-current-buffer smime-details-buffer
(buffer-string)))
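Review bot: `good-certificate` is nil both when neither `smime-CA-file` nor `smime-CA-directory` is set and when `smime-verify-buffer` ran and rejected the chain, so the status code in the next hunk cannot tell "not checked" from "checked and failed". A user who has configured a CA would then get the same "Integrity OK (sender unknown)" text for a certificate that failed validation as for one that was never validated. Consider binding the configuration test on its own, e.g. `(ca-configured (or smime-CA-file smime-CA-directory))`, and reporting a distinct status such as "Integrity OK (certificate NOT trusted)" when it is set but verification fails. The enclosing function starts before this hunk, so how `good-signature` is consumed is not visible here.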
(insert-buffer-substring buf)
(goto-char (point-min))
(while (re-search-forward "-----END CERTIFICATE-----" nil t)
- (smime-pkcs7-email-region (point-min) (point))
- (setq addresses (append (smime-buffer-as-string-region
- (point-min) (point)) addresses))
- (delete-region (point-min) (point)))))
- (if (not (member mm-security-from addresses))
+ (when (smime-pkcs7-email-region (point-min) (point))
+ (setq addresses (append (smime-buffer-as-string-region
+ (point-min) (point)) addresses)))
+ (delete-region (point-min) (point)))
+ (setq addresses (mapcar 'downcase addresses))))
+ (if (not (member (downcase mm-security-from) addresses))
(mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-info "Sender forged")
- (mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-info "OK"))
+ mm-security-handle 'gnus-info "Sender address forged")
+ (if good-certificate
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-info "Ok (sender authenticated)")
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-info "Integrity OK (sender unknown)")))
(mm-set-handle-multipart-parameter
mm-security-handle 'gnus-details
(concat "Sender clamed to be: " mm-security-from "\n"
(if addresses
(concat "Addresses in certificate: "
(mapconcat 'identity addresses ", "))
- "No addresses found in certificate.")
+ "No addresses found in certificate. (Requires OpenSSL 0.9.6 or later.)")
"\n" "\n"
"OpenSSL output:\n"
"---------------\n" openssl-output "\n"
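Review bot: The `gnus-details` text lists "Addresses in certificate" without saying whether that certificate was validated, and in the new integrity-only default those addresses come from a certificate supplied by the message itself. Assuming `good-certificate` is still in scope at this `concat`, a line such as `(if good-certificate "" "Certificate was NOT validated against a CA.\n")` ahead of the OpenSSL output would stop the details view from reading as an identity confirmation. Separately, `(downcase mm-security-from)` signals an error if `mm-security-from` can be nil at this point; that depends on callers outside the hunk, so either guard it or document that it is always a string. The function's beginning and end lie outside this hunk.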
(message "S/MIME message NOT verified successfully.")
nil)))
+(defun smime-noverify-region (b e)
+ (let ((buffer (get-buffer-create smime-details-buffer)))
+ (with-current-buffer buffer
+ (erase-buffer))
+ (if (apply 'smime-call-openssl-region b e buffer "smime" "-verify"
+ "-noverify" "-out" '("/dev/null"))
+ (message "S/MIME message verified succesfully.")
+ (message "S/MIME message NOT verified successfully.")
+ nil)))
+
(defun smime-decrypt-region (b e keyfile)
(let ((buffer (generate-new-buffer (generate-new-buffer-name "*smime*")))
CAs)
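Review bot: On success `smime-noverify-region` reports "S/MIME message verified succesfully." although `-noverify` skips certificate validation, so the echo-area text claims more than was checked (and "succesfully" is misspelled). Since `smime-noverify-buffer` in the next hunk is interactive, a user sees this text directly; something like `(message "S/MIME message integrity verified (certificate NOT validated).")` would match what the function does. The function also lacks a docstring, unlike `smime-noverify-buffer`; a docstring such as `"Verify integrity of S/MIME message in region between B and E. Does NOT verify validity of certificate."` would fit. The hard-coded "/dev/null" assumes a POSIX null device, which is worth confirming for the platforms this file supports.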
(with-current-buffer (or buffer (current-buffer))
(smime-verify-region (point-min) (point-max))))
+(defun smime-noverify-buffer (&optional buffer)
+ "Verify integrity of S/MIME message in BUFFER.
+Uses current buffer if BUFFER is nil.
+Does NOT verify validity of certificate."
+ (interactive)
+ (with-current-buffer (or buffer (current-buffer))
+ (smime-noverify-region (point-min) (point-max))))
+
(defun smime-decrypt-buffer (&optional buffer keyfile)
"Decrypt S/MIME message in BUFFER using KEYFILE.
Uses current buffer if BUFFER is nil, queries user of KEYFILE is nil."