Package: mutt Version: 1.5.21-6.4 Severity: important Tags: security When I receive an smime email message, I get to see the following: [-- OpenSSL output follows (current time: Sun 05 Jan 2014 03:06:49 AM CET) --] Verification successful [-- End of OpenSSL output --]
That is, I have no idea who signed it and if that's related to what is in From: or not. Looking at the smime and cms utils from openssl, I don't see a way I can make them output that. What it can do is what it to a file with the -signer option. You could then use openssl x509's -email option to get a list of email addresses it the certificate is valid for. It would be nice that it checked that From contains one of those addresses. You might want to show something from x509's -subject too. I would also like to recommend that you use "-purpose smimesign" or "-purpose smimeencrypt". Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
