Hi all, tl;dr: Why is this the proposed¹ configuration > smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out" and not > smime_pk7out_command="openssl smime -pk7out -in %f" ?
When I want to extract an S/MIME key using ^K (<extract-keys>), the first variant does not work for me while the latter does (Mutt 2.2.13 (2024-03-09) with OpenSSL 3.5.1 1 Jul 2025). More specifically, when pressing ^K, Mutt asks for the certificate label and then I get the following error in the status line: > /home/xxx/.mutt/temp/mutt-xxx-1000-681360-12545243397749360789: No > such file or directory (errno = 2) and stderr shows: > Error reading S/MIME message > 40C783E3667F0000:error:068000D2:asn1 encoding routines:SMIME_read_ASN1_ex:no > multipart body failure:../crypto/asn1/asn_mime.c:439: > unable to load PKCS7 object > 402786DCC57F0000:error:0480006C:PEM routines:get_name:no start > line:../crypto/pem/pem_lib.c:797:Expecting: PKCS7 When I run "openssl smime -verify -in $msg -noverify -pk7out" manually on an email, openssl throws another error, though: > smime: Cannot use -pk7out together with -verify (I suspect the error in Mutt is from smime_get_cert_command.) It took me some time to figure out that the default setting of smime_pk7out_command is the culprit and for me "openssl smime -pk7out -in %f" works and makes more sense (though I'm not an openssl expert). Does anybody know what the purpose of the original command is and in which situation it could work? Is there any drawback using the variant I use? And: Is this a bug I should report or file a pull request with my working configuration? BTW: It feels very good to be back to Mutt after roughly twenty years. Thanks for the great work keeping Mutt alive! Best regards, Robert ¹ https://gitlab.com/muttmua/mutt/-/blob/master/contrib/smime.rc
signature.asc
Description: PGP signature
