GNU bug report logs - #18393
mm-view-pkcs7-verify ignores mml-smime-use

Previous Next

Packages: gnus, emacs;

Reported by: Jens Lechtenboerger <lechten <at> wi.uni-muenster.de>

Date: Wed, 3 Sep 2014 14:28:02 UTC

Severity: normal

Tags: fixed

Fixed in version 28.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #24 received at 18393 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Jens Lechtenboerger <lechten <at> wi.uni-muenster.de>
Cc: 18393 <at> debbugs.gnu.org
Subject: Re: bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
Date: Wed, 25 Sep 2019 15:38:56 +0200

Jens Lechtenboerger <lechten <at> wi.uni-muenster.de> writes:

>>> I use mml-smime-use to prefer EPG over OpenSSL.  However,
>>> mm-view-pkcs7-verify ignores that variable and calls
>>> smime-verify-region (which uses OpenSSL).
>>>
>>> For signed e-mails with
>>> Content-Type: application/pkcs7-mime; name="smime.p7m";
>>>    smime-type=signed-data
>>> this results in the error message: "No CA configured"
>>> (And the e-mail is displayed in base64 encoded form; the text is not
>>> shown.)
>>
>> Could you send such a message to enable us to debug this?
>
> Attached you find the message from section 4.9 of RFC4134, with the
> CA certificate.  Verify with:
>
> openssl smime -verify -CAfile carldssself.pem -in rfc4134-4.9.mail
> -signer signer.pem -out signedtext.txt

Yup, I get the same.

If I say:

(setq smime-CA-file "/tmp/carldssself.pem")

I get a blank article buffer.

I'm trying to follow the logic of the code here.  One bug is what you
report, that mml-smime-use isn't heeded, and I'll fix that (it seems
pretty easy, I can just cargo-cult mm-view-pkcs7-decrypt, which starts:

(defun mm-view-pkcs7-decrypt (handle &optional from)
  (insert-buffer-substring (mm-handle-buffer handle))
  (goto-char (point-min))
  (if (eq mml-smime-use 'epg)
      ...

But in this instance we don't get to that function.  Instead we get to:

(defun mm-view-pkcs7 (handle &optional from)
  (cl-case (mm-view-pkcs7-get-type handle)
    (enveloped (mm-view-pkcs7-decrypt handle from))
    (signed (mm-view-pkcs7-verify handle))
    (otherwise (error "Unknown or unimplemented PKCS#7 type"))))

(defun mm-view-pkcs7-verify (handle)
   ...)

because this is "signed", not "enveloped".  I'm not very familiar with
this stuff...  but the mm-view-pkcs7-verify function just verifies the
data and doesn't return anything, which explains why I'm getting an
empty article buffer.  But why is this ever useful?  It seems odd,
doesn't it?

Is the -verify function also supposed to return the decoded text?
(Which is "This is some sample content.".)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 5 years and 5 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.