Re: [PATCH 01/15] tests: move add_gpgsm_home to test-lib.sh

2020-04-30 Thread David Bremner
Daniel Kahn Gillmor writes:
> This allows us to test S/MIME messages in other tests.

pushed the revised series. Actually I had to cherry-pick the last patch from the gitlab branch for some reason (probably lack of rebasing after earlier patches were changed).

d

[PATCH 7/9] crypto: handle PKCS#7 envelopedData in _notmuch_crypto_decrypt

2020-04-30 Thread Daniel Kahn Gillmor
In the two places where _notmuch_crypto_decrypt handles multipart/encrypted messages (PGP/MIME), we should also handle PKCS#7 envelopedData (S/MIME). This is insufficient for fully handling S/MIME encrypted data because _notmuch_crypto_decrypt isn't yet actually invoked for envelopedData parts,

[PATCH 3/9] cli: include wrapped part of PKCS#7 SignedData in the MIME tree

2020-04-30 Thread Daniel Kahn Gillmor
Unwrap a PKCS#7 SignedData part unconditionally when the cli is traversing the MIME tree, and return it as a "child" of what would otherwise be a leaf in the tree. Unfortunately, this also breaks the JSON output. We will fix that next. Signed-off-by: Daniel Kahn Gillmor --- mime-node.c

[PATCH 6/9] crypto: Make _notmuch_crypto_decrypt take a GMimeObject

2020-04-30 Thread Daniel Kahn Gillmor
As we prepare to handle S/MIME-encrypted PKCS#7 EnvelopedData (which is not multipart), we don't want to be limited to passing only GMimeMultipartEncrypted MIME parts to _notmuch_crypto_decrypt. There is no functional change here, just a matter of adjusting how we pass arguments internally.

[PATCH 2/9] smime: Identify encrypted S/MIME parts during indexing

2020-04-30 Thread Daniel Kahn Gillmor
We don't handle them correctly yet, but we can at least mark them as being encrypted. Signed-off-by: Daniel Kahn Gillmor --- lib/index.cc | 4 test/T355-smime.sh | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/index.cc b/lib/index.cc index bbf13dc5..f029b334

[PATCH 4/9] cli/show: If a leaf part has children, show them instead of omitting

2020-04-30 Thread Daniel Kahn Gillmor
Until we did PKCS#7 unwrapping, no leaf MIME part could have a child. Now, we treat the unwrapped MIME part as the child of the PKCS#7 SignedData object. So in that case, we want to show it instead of deliberately omitting the content. This fixes the test of the protected subject in

[PATCH 9/9] smime: Index cleartext of envelopedData when requested

2020-04-30 Thread Daniel Kahn Gillmor
Signed-off-by: Daniel Kahn Gillmor --- lib/index.cc | 5 +++-- test/T355-smime.sh | 2 -- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/index.cc b/lib/index.cc index da9a3abe..826aa341 100644 --- a/lib/index.cc +++ b/lib/index.cc @@ -656,8 +656,9 @@ _index_pkcs7_part

Handle PKCS#7 S/MIME messages

2020-04-30 Thread Daniel Kahn Gillmor
This series applies after the "Add tests for S/MIME PKCS#7 messages" series, which was introduced in id:20200428185723.660184-1-...@fifthhorseman.net With this series applied, notmuch handles standard PKCS#7 S/MIME messages (using GnuPG's gpgsm as a backend, as mediated by GMime's use of GPGME)

[PATCH 1/9] lib: index PKCS7 SignedData parts

2020-04-30 Thread Daniel Kahn Gillmor
When we are indexing, we should treat SignedData parts the same way that we treat a multipart object, indexing the wrapped part as a distinct MIME object. Unfortunately, this means doing some sort of cryptographic verification whose results we throw away, because GMime doesn't offer us any way to

[PATCH 5/9] cli/reply: Ignore PKCS#7 wrapper parts when replying

2020-04-30 Thread Daniel Kahn Gillmor
When composing a reply, no one wants to see this line in the proposed message: Non-text part: application/pkcs7-mime So we hide it, the same way we hide PGP/MIME cruft. Signed-off-by: Daniel Kahn Gillmor --- notmuch-reply.c| 5 +++-- test/T355-smime.sh | 1 - 2 files changed, 3

[PATCH 8/9] smime: Pass PKCS#7 envelopedData to node_decrypt_and_verify

2020-04-30 Thread Daniel Kahn Gillmor
This change means we can support "notmuch show --decrypt=true" for S/MIME encrypted messages, resolving several outstanding broken tests, including all the remaining S/MIME protected header examples. We do not yet handle indexing the cleartext of S/MIME encrypted messages, though. Signed-off-by:

[PATCH 07/15 v2] test: Allow tests to have both gpg and gpgsm active at once

2020-04-30 Thread Daniel Kahn Gillmor
Without this fix, we couldn't run both add_gnupg_home and add_gpgsm_home in the same test script. Signed-off-by: Daniel Kahn Gillmor --- test/test-lib.sh | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/test-lib.sh b/test/test-lib.sh index ac1b9315..1baa2d20

[PATCH 08/15 v2] tests/smime: include secret key material for Bob

2020-04-30 Thread Daniel Kahn Gillmor
This is taken from the same Internet Draft that test/smime/ca.crt comes from. See that draft for more details.

https://www.ietf.org/id/draft-dkg-lamps-samples-02.html#name-pkcs12-object-for-bob

We don't use it yet, but it will be used to decrypt other messages in the test suite. Note that we

[PATCH 03/15 v2] tests/smime: Include the Sample LAMPS Certificate Authority

2020-04-30 Thread Daniel Kahn Gillmor
This CA is useful for test suites and the like, but is not an actually-secure CA, because its secret key material is also published. I plan to use it for its intended purpose in the notmuch test suite. It was copied from this Internet Draft:

Re: [PATCH 15/15] tests: disable CRL checks from gpgsm

2020-04-30 Thread Daniel Kahn Gillmor
On Wed 2020-04-29 23:12:33 +0300, Tomi Ollila wrote:
> Rest of the series look tolerable to me. That one missing
> "inconsistent quotes" is inconsistent with added quotes
> in one of the changes in previous email (which just did that)
>
> Otherwise OK (provided that tests pass)
> (except that

Re: [PATCH 07/15] test: Allow tests to have both gpg and gpgsm active at once

2020-04-30 Thread Daniel Kahn Gillmor
On Wed 2020-04-29 23:02:19 +0300, Tomi Ollila wrote: > On Tue, Apr 28 2020, Daniel Kahn Gillmor wrote: > >> Without this fix, we couldn't run both add_gnupg_home and >> add_gpgsm_home in the same test script. >> >> Signed-off-by: Daniel Kahn Gillmor >> --- >> test/test-lib.sh | 8 >> 1

Re: Inconsistencies in handling command flags: `--flag=value` different than `--flag value`

2020-04-30 Thread Daniel Kahn Gillmor
On Wed 2020-04-29 08:33:24 -0700, Jameson Graef Rollins wrote:
> On Tue, Apr 28 2020, Daniel Kahn Gillmor wrote:
>> One final way we could normalize everything and make it less
>> idiosyncratic, with shorter, simpler man pages: deprecate and then drop
>> the --booloption/--no-booloption

Re: [PATCH 08/15] tests/smime: include secret key material for Bob

2020-04-30 Thread Daniel Kahn Gillmor
On Wed 2020-04-29 23:05:03 +0300, Tomi Ollila wrote:
> Now that I started w/ consistently quotes -- "$NOTMUCH_SRCDIR/..."
>
> Or maybe not, is this variable consistently unquoted -- or something ;)

there are lots of places where NOTMUCH_SRCDIR is unquoted, and some where it is. I guess i should

Re: [PATCH 03/15] tests/smime: Include the Sample LAMPS Certificate Authority

2020-04-30 Thread Daniel Kahn Gillmor
On Tue 2020-04-28 22:43:10 -0300, David Bremner wrote:
> Daniel Kahn Gillmor writes:
>
>> This CA is useful for test suites and the like, but is not an
>> actually-secure CA, because its secret key material is also published.
>>
>> I plan to use it for its intended purpose in the notmuch test