Thomas Roessler authored
- the getkeys() function was broken and deleted the last char of the certfilename
- it now lets me use more than one key for the same mailbox, i.e. select these.
- some display output was garbled when the email didn't match. i posted some fix to mutt-users, but i don't like that sleep() so i dropped the first error message, which basically repeated the from/sender field only. so now there's just the message: they don't match.

smime_keys:
- i modified the add_chain to continue even if no root cert is present (david collantes received some chain that got exported from outlook. obviously they don't (always ?) include the root cert) it will now abort if neither root nor intermediate certs are present.
- add_cert created index entries with '-' as issuer cert, when it should have been '?'. thus verify would fail. (obviously nobody ever used that command (add_cert, that is) :)

the feature above obsoletes the hash_cert and fingerprint_cert commands, adds import_cert command and ask_cert_label bool.

i modified the output of smime_keys (a little) so it doesn't look too garbled when supplying the label (it is actually interactive :)

furthermore, i do a verify after the cert was added and modified the verify routine to make the certificate trusted in case of success. (we discussed this in another message) that is ok so far, but perhaps this requires some better root certificate handling, i.e. the trust should be somehow connected to the root certificate, that may be added (if the user trusts it and it's not present already) to the ca-file. i'll think about that some more ... but then, there already is the add_root command. hmmm... (btw, you'll now never get asked to trust a certificate)

i have not yet deleted the email handling from the import key stuff (in smime.c/crypt.c), for i'm thinking about smime_keys using it as an additional arg. otoh i don't think users would press ^k if verification failed...hmmm... but still, smime_keys does extract the email from the certificate either way and does verify it by itself, so the only thing that would happen is to have some invalid certificates, that mutt'll refuse to use anyways, left in the database....

(From Oliver Ehli.)
40f96d38