GNU bug report logs - #67931
[PATCH] Use S/MIME key from content for mail signing via OpenSSL

Previous Next

Full log

Message #29 received at 67931 <at> debbugs.gnu.org (full text, mbox):

From: Eric Abrahamsen <eric <at> ericabrahamsen.net>
To: Illia Ostapyshyn <illia <at> yshyn.com>
Cc: Eli Zaretskii <eliz <at> gnu.org>, 67931 <at> debbugs.gnu.org, larsi <at> gnus.org,
 stefankangas <at> gmail.com
Subject: Re: bug#67931: [PATCH] Use S/MIME key from content for mail signing
 via OpenSSL
Date: Tue, 07 May 2024 19:28:40 -0700

Illia Ostapyshyn <illia <at> yshyn.com> writes:

> Eli Zaretskii <eliz <at> gnu.org> writes:
>
>>> Cc: Lars Ingebrigtsen <larsi <at> gnus.org>, 17780 <at> debbugs.gnu.org,
>>>  Stefan Kangas <stefankangas <at> gmail.com>, Jan Beich <jbeich <at> vfemail.net>,
>>>  67931 <at> debbugs.gnu.org
>>> From: Illia Ostapyshyn <illia <at> yshyn.com>
>>> Date: Mon, 06 May 2024 20:46:33 +0200
>>> 
>>> Sorry, forgot to attach the patch, sending it with this email.
>>
>> Thanks, I'm adding Eric to the discussion.
>
> Thanks!
>
> I've realized that reusing certfile parameter for signing will have
> unintended side-effects when encrypting and signing a message.  When a
> single signencrypt MML tag is used for both this results in all
> certfiles passed to both `smime-encrypt-buffer' and `smime-sign-buffer'.
>
> I'm sending a new patch that introduces a parameter called chainfile for
> signatures instead.

The patch seems to work as intended -- I won't claim to know enough
about SMIME to know if it does the right thing or not. Can you briefly
explain what the additional certificates actually do, and why they're
useful in signing but not in encryption?

Thanks,
Eric

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.