GNU bug report logs - #40397
28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message

Previous Next

Packages: gnus, emacs;

Reported by: Sebastian Fieber <sebastian.fieber <at> web.de>

Date: Thu, 2 Apr 2020 23:38:03 UTC

Severity: normal

Tags: patch

Found in version 28.0.50

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #42 received at 40397 <at> debbugs.gnu.org (full text, mbox):

From: Sebastian Fieber <sebastian.fieber <at> web.de>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 40397 <at> debbugs.gnu.org
Subject: Re: bug#40397: 28.0.50; epg decrypt does not verify signed content
 in smime
Date: Sun, 02 Aug 2020 22:11:20 +0200

On So, Aug 02 2020, Lars Ingebrigtsen <larsi <at> gnus.org> wrote:

>> and also does
>> implement support for the security buttons for application/pkcs7-mime
>> parts.  This is quite nice as application/pkcs7-mime parts are not
>> handled automatically by default in gnus.  ATM you have to set
>> mm-decrypt-option and mm-verify-option at least to 'ask.  So with this
>> supported it should now work out of the box even without setting
>> mm-decrypt-option and mm-verify-option because now gnus shows the
>> buttons properly and one can click on them and decrypt/verify the part
>> "manually".
>
> This sounds like a good addition to me, and would like to apply the
> patch to Emacs 28.  It's a large patch, though, and you don't seem to
> have copyright FSF assignment on file -- is that correct?  If it is,
> would you be willing to sign such paperwork, and we can then apply the
> patch?

Yes, I haven't done any copyright assignment yet but I'd be willing to
do so if someone can guide me a bit or point me to where I can find info
about what I have to do.

There are some untested and unimplemented stuff in my implementation.
If I remember correct there is no real handling of error cases which I
wanted to add so it is on par with the other security buttons
implementations.  So I'd like to work on this a bit more and provide a
more fully featured patch.  But I'm pretty busy right now with real
life, so this may take a few months as I'd need to find some time.

Nontheless I will check if I have done any changes to my provided patch
and resubmit it if I have any work pending - if you don't want to wait
for me and want to apply the patch anyway even without proper error
handling.
This bug report was last modified 3 years and 208 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.