    smime.c: · 40f96d38
    Thomas Roessler authored
     - the getkeys() function was broken and deleted the last char
       of the certfilename
     - it now lets me use more than one key for the same mailbox
       ie select these.
     - some display output was garbled when the email didn't match.
       i posted some fix to mutt-users, but i don't like that sleep()
       so i dropped the first error message, which basically repeated
       the from/sender field only. so now there's just the message: they
       don't match.
    
    smime_keys:
     - i modified the add_chain to continue even if no root-cert
       is present (david collantes received some chain that got
       exported from outlook. obviously they don't (always ?)
       include the root cert) it will now abort if neither root
       nor intermediate certs are present.
     - add_cert created index entries with '-' as issuer cert, when
       it should have been '?'. thus verify would fail. (obviously
       nobody ever used that command (add_cert, that is) :)
    
    the feature above obsoletes the hash_cert and fingerprint_cert commands,
    adds import_cert command and ask_cert_label bool. i modified the output
    of smime_keys (a little) so it doesn't look too garbled when supplying
    the label (it is actually interactive :) furthermore, i do a verify
    after the cert was added and modified the verify routine to make the
    certificate trusted in case of success. (we discussed this in another
    message) that is ok so far, but perhaps this requires some better root
    certificate handling, ie the trust should be somehow connected to the
    root certificate, that may be added (if the user trusts it and it's not
    present already) to the ca-file. i'll think about that some more ... but
    then, there already is the add_root command. hmmm... (btw, you'll now
    never get asked to trust a certificate)
    
    i have not yet deleted the email handling from the import key stuff (in
    smime.c/crypt.c), for i'm thinking about smime_keys using it as an
    additional arg. otoh i don't think users would press ^k if verification
    failed...hmmm... but still, smime_keys does extract the email from the
    certificate either way and does verify it by itself, so the only thing
    that would happen is to have some invalid certificates, that mutt'll
    refuse to use anyways, left in the database....
    
    (From Oliver Ehli.)