From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 14 12:59:19 2014
Received: (at submit) by debbugs.gnu.org; 14 Jun 2014 16:59:19 +0000
Received: from localhost ([127.0.0.1]:47914 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1WvrIU-00064d-Ex
	for submit@debbugs.gnu.org; Sat, 14 Jun 2014 12:59:19 -0400
Received: from nine.vfemail.net ([108.76.175.9]:57309 helo=vfemail.net)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <jbeich@vfemail.net>) id 1Wvn9f-0005FB-KD
 for submit@debbugs.gnu.org; Sat, 14 Jun 2014 08:33:56 -0400
Received: (qmail 803 invoked by uid 89); 14 Jun 2014 12:33:54 -0000
Received: from localhost (HELO freequeue.vfemail.net) (127.0.0.1)
 by localhost with (DHE-RSA-AES256-SHA encrypted) SMTP;
 14 Jun 2014 12:33:54 -0000
Received: (qmail 785 invoked by uid 89); 14 Jun 2014 12:33:37 -0000
Received: by simscan 1.3.1 ppid: 783, pid: 784, t: 0.1009s scanners:none
Received: from unknown (HELO smtp102-2.vfemail.net) (172.16.100.62)
 by FreeQueue with SMTP; 14 Jun 2014 12:33:36 -0000
Received: (qmail 25459 invoked by uid 89); 14 Jun 2014 12:33:36 -0000
Received: by simscan 1.4.0 ppid: 25436, pid: 25449, t: 0.7141s scanners:none
Received: from unknown (HELO nil) (amJlaWNoQHZmZW1haWwubmV0@172.16.100.27)
 by 172.16.100.62 with ESMTPA; 14 Jun 2014 12:33:36 -0000
From: Jan Beich <jbeich@vfemail.net>
To: submit@debbugs.gnu.org (The Gnus Bugfixing Girls + Boys)
Subject: mml-smime/openssl fails to include intermediate certificates
Date: Sat, 14 Jun 2014 14:31:39 +0200
Message-ID: <ppib-lljo-wny@vfemail.net>
X-Debbugs-Version: 5.13
X-Debbugs-Package: gnus
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Sat, 14 Jun 2014 12:59:16 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.4 (-)

mml-smime-openssl-sign-query only returns user certificate from
smime-keys. If user certificate requires other intermediate
certificates to verify it mml-smime-openssl-sign doesn't include them
when signing a message. Later, upon reading such message openssl
binary fails with

  Verification failure
  34380500552:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:openssl/crypto/pkcs7/pk7_smime.c:342:Verify error:unable to get local issuer certificate

To reproduce compose a mail with C-c RET S s (mml-secure-sign-smime) using
the following settings, send it and read while looking at S/MIME button.

  ;; adapted from http://www.emacswiki.org/emacs/GnusSMIME
  (setq mm-verify-option 'always)
  (setq gnus-buttonized-mime-types '("multipart/signed"))
  (setq mml-smime-use 'openssl)
  (setq smime-CA-file "/etc/ssl/cert.pem")
  (setq smime-keys '(("foo@bar" "~/mycert.pem"
                         ("~/mychain.pem"))))

Here's a quick workaround.

diff --git a/lisp/gnus/mml-smime.el b/lisp/gnus/mml-smime.el
index caa1380..0fde8f5 100644
--- a/lisp/gnus/mml-smime.el
+++ b/lisp/gnus/mml-smime.el
@@ -118,9 +118,9 @@
 (defun mml-smime-openssl-sign (cont)
   (when (null smime-keys)
     (customize-variable 'smime-keys)
     (error "No S/MIME keys configured, use customize to add your key"))
-  (smime-sign-buffer (cdr (assq 'keyfile cont)))
+  (smime-sign-buffer (cdar smime-keys))
   (goto-char (point-min))
   (while (search-forward "\r\n" nil t)
     (replace-match "\n" t t))
   (goto-char (point-max)))

-------------------------------------------------

VFEmail.net - http://www.vfemail.net
ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  




From debbugs-submit-bounces@debbugs.gnu.org Wed Jan 25 12:45:21 2017
Received: (at 17780) by debbugs.gnu.org; 25 Jan 2017 17:45:21 +0000
Received: from localhost ([127.0.0.1]:43247 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1cWRdI-0005xA-N9
	for submit@debbugs.gnu.org; Wed, 25 Jan 2017 12:45:21 -0500
Received: from hermes.netfonds.no ([80.91.224.195]:42458)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@gnus.org>) id 1cWRdG-0005u7-GP
 for 17780@debbugs.gnu.org; Wed, 25 Jan 2017 12:45:18 -0500
Received: from 2.150.50.220.tmi.telenormobil.no ([2.150.50.220] helo=mouse)
 by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <larsi@gnus.org>)
 id 1cWRdD-0000YZ-JO; Wed, 25 Jan 2017 18:45:17 +0100
From: Lars Ingebrigtsen <larsi@gnus.org>
To: Jan Beich <jbeich@vfemail.net>
Subject: Re: bug#17780: mml-smime/openssl fails to include intermediate
 certificates
In-Reply-To: <ppib-lljo-wny@vfemail.net> (Jan Beich's message of "Sat, 14 Jun
 2014 14:31:39 +0200")
Date: Wed, 25 Jan 2017 18:44:08 +0100
Message-ID: <871svrrq53.fsf@gnus.org>
References: <ppib-lljo-wny@vfemail.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 17780
Cc: 17780@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

Jan Beich <jbeich@vfemail.net> writes:

> mml-smime-openssl-sign-query only returns user certificate from
> smime-keys. If user certificate requires other intermediate
> certificates to verify it mml-smime-openssl-sign doesn't include them
> when signing a message. Later, upon reading such message openssl
> binary fails with
>
>   Verification failure
>   34380500552:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:openssl/crypto/pkcs7/pk7_smime.c:342:Verify error:unable to get local issuer certificate
>
> To reproduce compose a mail with C-c RET S s (mml-secure-sign-smime) using
> the following settings, send it and read while looking at S/MIME button.
>
>   ;; adapted from http://www.emacswiki.org/emacs/GnusSMIME
>   (setq mm-verify-option 'always)
>   (setq gnus-buttonized-mime-types '("multipart/signed"))
>   (setq mml-smime-use 'openssl)
>   (setq smime-CA-file "/etc/ssl/cert.pem")
>   (setq smime-keys '(("foo@bar" "~/mycert.pem"
>                          ("~/mychain.pem"))))
>
> Here's a quick workaround.
>
> diff --git a/lisp/gnus/mml-smime.el b/lisp/gnus/mml-smime.el
> index caa1380..0fde8f5 100644
> --- a/lisp/gnus/mml-smime.el
> +++ b/lisp/gnus/mml-smime.el
> @@ -118,9 +118,9 @@
>  (defun mml-smime-openssl-sign (cont)
>    (when (null smime-keys)
>      (customize-variable 'smime-keys)
>      (error "No S/MIME keys configured, use customize to add your key"))
> -  (smime-sign-buffer (cdr (assq 'keyfile cont)))
> +  (smime-sign-buffer (cdar smime-keys))
>    (goto-char (point-min))
>    (while (search-forward "\r\n" nil t)
>      (replace-match "\n" t t))
>    (goto-char (point-max)))

Sorry for the late response; the bug report has been sitting in a part
of the bug tracker that nobody has looked at due to a misunderstanding.

I'm not familiar at all with the smime code, so I can't really say
whether this change is the best one.  Are there any adverse side-effects
to this change?

Does anybody who knows this code want to weigh in?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




From debbugs-submit-bounces@debbugs.gnu.org Wed Jan 25 12:45:12 2017
Received: (at control) by debbugs.gnu.org; 25 Jan 2017 17:45:12 +0000
Received: from localhost ([127.0.0.1]:43244 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1cWRdA-0005oa-G4
	for submit@debbugs.gnu.org; Wed, 25 Jan 2017 12:45:12 -0500
Received: from hermes.netfonds.no ([80.91.224.195]:42452)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@gnus.org>) id 1cWRd8-0005le-08
 for control@debbugs.gnu.org; Wed, 25 Jan 2017 12:45:10 -0500
Received: from 2.150.50.220.tmi.telenormobil.no ([2.150.50.220] helo=mouse)
 by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <larsi@gnus.org>) id 1cWRd5-0008Ku-8a
 for control@debbugs.gnu.org; Wed, 25 Jan 2017 18:45:09 +0100
From: Lars Ingebrigtsen <larsi@gnus.org>
To: control@debbugs.gnu.org
Subject: control message for bug #17780
Message-ID: <8760l3rqaq.fsf@totally-fudged-out-message-id>
Date: Wed, 25 Jan 2017 18:45:01 +0100
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

reassign 17780 emacs,gnus




From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 23 16:13:09 2019
Received: (at 17780) by debbugs.gnu.org; 23 Sep 2019 20:13:09 +0000
Received: from localhost ([127.0.0.1]:37144 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1iCUhp-0004YE-Ci
	for submit@debbugs.gnu.org; Mon, 23 Sep 2019 16:13:09 -0400
Received: from quimby.gnus.org ([80.91.231.51]:44422)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@gnus.org>) id 1iCUhl-0004Y0-Hk
 for 17780@debbugs.gnu.org; Mon, 23 Sep 2019 16:13:07 -0400
Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie)
 by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.89) (envelope-from <larsi@gnus.org>)
 id 1iCUhh-00034Z-GW; Mon, 23 Sep 2019 22:13:03 +0200
From: Lars Ingebrigtsen <larsi@gnus.org>
To: Jan Beich <jbeich@vfemail.net>
Subject: Re: bug#17780: mml-smime/openssl fails to include intermediate
 certificates
References: <ppib-lljo-wny@vfemail.net>
Date: Mon, 23 Sep 2019 22:13:01 +0200
In-Reply-To: <ppib-lljo-wny@vfemail.net> (Jan Beich's message of "Sat, 14 Jun
 2014 14:31:39 +0200")
Message-ID: <878sqewz3m.fsf@gnus.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 Content preview: Jan Beich <jbeich@vfemail.net> writes: > (defun
 mml-smime-openssl-sign
 (cont) > (when (null smime-keys) > (customize-variable 'smime-keys) > (error
 "No S/MIME keys configured,
 use customize to add your key")) > - (smime-sign-buffer
 (cdr (a [...] 
 Content analysis details:   (-2.9 points, 5.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 17780
Cc: 17780@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Jan Beich <jbeich@vfemail.net> writes:

>  (defun mml-smime-openssl-sign (cont)
>    (when (null smime-keys)
>      (customize-variable 'smime-keys)
>      (error "No S/MIME keys configured, use customize to add your key"))
> -  (smime-sign-buffer (cdr (assq 'keyfile cont)))
> +  (smime-sign-buffer (cdar smime-keys))
>    (goto-char (point-min))

I've tried to follow the logic of the code here, and I think this looks
correct: (assq 'keyfile cont) has only they first key, while (cdar
smime-keys) has all the keys (for this identifier).

So I've applied this patch to the Emacs trunk now.  There may be
repercussions I'm not seeing, though, so feel free to revert.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 23 16:13:13 2019
Received: (at control) by debbugs.gnu.org; 23 Sep 2019 20:13:13 +0000
Received: from localhost ([127.0.0.1]:37147 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1iCUhs-0004YV-Ov
	for submit@debbugs.gnu.org; Mon, 23 Sep 2019 16:13:12 -0400
Received: from quimby.gnus.org ([80.91.231.51]:44436)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@gnus.org>) id 1iCUhr-0004YN-0N
 for control@debbugs.gnu.org; Mon, 23 Sep 2019 16:13:11 -0400
Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie)
 by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.89) (envelope-from <larsi@gnus.org>) id 1iCUho-00034k-9U
 for control@debbugs.gnu.org; Mon, 23 Sep 2019 22:13:10 +0200
Date: Mon, 23 Sep 2019 22:13:07 +0200
Message-Id: <877e5ywz3g.fsf@gnus.org>
To: control@debbugs.gnu.org
From: Lars Ingebrigtsen <larsi@gnus.org>
Subject: control message for bug #17780
X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 Content preview:  tags 17780 fixed close 17780 27.1 quit 
 Content analysis details:   (-2.9 points, 5.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

tags 17780 fixed
close 17780 27.1
quit





From unknown Sat Aug 16 13:45:31 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 22 Oct 2019 11:24:10 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator