Create pgp and s/mime default and sign_as key vars. (see #3983)

The $postpone_encrypt and $(pgp/smime)_self_encrypt configuration
variables have created a somewhat messier situation for users.  Many
of them now have to specify their keys across multiple configuration
variables.

(Trac) Ticket #3983 had a reasonable request: "if my encrypt and
signing keys are the same, why can't I just specify my key once in my
.muttrc?"

The problem currently is that $smime_default_key and $pgp_sign_as are
both used to specify signing keys, and are set by the "sign (a)s"
security menu choice.  So we can't store encryption keys there because
some users have separate sign-only capability keys.

Create $pgp_default_key to store the default encryption key.  Change
signing to use $pgp_default_key, unless overridden by $pgp_sign_as.
The pgp "sign (a)s" will continue setting $pgp_sign_as.

Create $smime_sign_as.  Change signing to use $smime_default_key
unless overridden by $smime_sign_as.  Change s/mime "sign (a)s" menu
to set $smime_sign_as instead.

Change $postpone_encrypt and $(pgp/smime)_self_encrypt to use
$(pgp/smime)_default_key by default.

Mark $(pgp/smime)_self_encrypt_as deprecated.  They are now aliases
for the $(pgp/smime)_default_key config vars.

Change $(pgp/smime)_self_encrypt default to set.

The intent is that most users now need only set
$(pgp/smime)_default_key.  If they have a sign-only key, or have
separate signing and encryption keys, they can put that in
$(pgp/smime)_sign_as.  This also enables to default self_encrypt on
and solve a very common request.

Thanks to Michele Marcionelli and Vincent Lefèvre for gently pushing
me towards a solution.

diff --git a/compose.c b/compose.c
index d113791aa6b19f0b9c3b7355c20d28164c0e7e40..d22bfc9a1dc83e3ae26e5063e695325c4c1e7354 100644 (file)
--- a/compose.c
+++ b/compose.c
@@ -310,7 +310,7 @@ static void redraw_crypt_lines(struct Header *msg)
     SETCOLOR(MT_COLOR_COMPOSE_HEADER);
     printw("%*s", HeaderPadding[HDR_CRYPTINFO], _(Prompts[HDR_CRYPTINFO]));
     NORMAL_COLOR;
-    printw("%s", SmimeDefaultKey ? SmimeDefaultKey : _("<default>"));
+    printw("%s", SmimeSignAs ? SmimeSignAs : _("<default>"));
   }
 
   if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME) &&

diff --git a/doc/manual.xml.head b/doc/manual.xml.head
index 7c688764fcbe6f55300a43a391c7c5a38b71a656..c696b44dac051674bf8e80a88736df6224492a4b 100644 (file)
--- a/doc/manual.xml.head
+++ b/doc/manual.xml.head
@@ -2707,11 +2707,11 @@ color sidebar_divider   color8  default
         message will be encrypted using the selected public keys when sent
         out.</para>
        <para>
-       To ensure you can view encrypted message you have sent, you
+       To ensure you can view encrypted messages you have sent, you
        may wish to set <link linkend="pgp-self-encrypt">$pgp_self_encrypt</link>
-       and <link linkend="pgp-self-encrypt-as">$pgp_self_encrypt_as</link> for PGP, or
+       and <link linkend="pgp-default-key">$pgp_default_key</link> for PGP, or
        <link linkend="smime-self-encrypt">$smime_self_encrypt</link>
-       and <link linkend="smime-self-encrypt-as">$smime_self_encrypt_as</link> for S/MIME.
+       and <link linkend="smime-default-key">$smime_default_key</link> for S/MIME.
        </para>
         <para>Most fields of the entries in the key selection menu (see also
         <link linkend="pgp-entry-format">$pgp_entry_format</link>) have obvious

diff --git a/globals.h b/globals.h
index 9118394ff282f4ff17cbd3e0a9277fc38b4f36b9..5b66941c0b278dea56c7a0775d471de04e85037f 100644 (file)
--- a/globals.h
+++ b/globals.h
@@ -282,6 +282,7 @@ WHERE short ImapPollTimeout;
 /* -- formerly in pgp.h -- */
 WHERE struct Regex *PgpGoodSign;
 WHERE struct Regex *PgpDecryptionOkay;
+WHERE char *PgpDefaultKey;
 WHERE char *PgpSignAs;
 WHERE short PgpTimeout;
 WHERE char *PgpEntryFormat;
@@ -298,10 +299,10 @@ WHERE char *PgpVerifyKeyCommand;
 WHERE char *PgpListSecringCommand;
 WHERE char *PgpListPubringCommand;
 WHERE char *PgpGetkeysCommand;
-WHERE char *PgpSelfEncryptAs;
 
 /* -- formerly in smime.h -- */
 WHERE char *SmimeDefaultKey;
+WHERE char *SmimeSignAs;
 WHERE short SmimeTimeout;
 WHERE char *SmimeCertificates;
 WHERE char *SmimeKeys;
@@ -318,7 +319,6 @@ WHERE char *SmimePk7outCommand;
 WHERE char *SmimeGetCertCommand;
 WHERE char *SmimeImportCertCommand;
 WHERE char *SmimeGetCertEmailCommand;
-WHERE char *SmimeSelfEncryptAs;
 
 #ifdef USE_NOTMUCH
 WHERE int NmOpenTimeout;

diff --git a/init.h b/init.h
index 77961849e100da3bb0465d4e282da44520a73ee4..574f434944ec66c212750d73683ee7eff54ef52f 100644 (file)
--- a/init.h
+++ b/init.h
@@ -2253,7 +2253,8 @@ struct Option MuttVars[] = {
   ** .dt %f .dd Expands to the name of a file containing a message.
   ** .dt %s .dd Expands to the name of a file containing the signature part
   ** .          of a \fCmultipart/signed\fP attachment when verifying it.
-  ** .dt %a .dd The value of $$pgp_sign_as.
+  ** .dt %a .dd The value of $$pgp_sign_as if set, otherwise the value
+  **            of $$pgp_default_key.
   ** .dt %r .dd One or more key IDs (or fingerprints if available).
   ** .de
   ** .pp
@@ -2283,6 +2284,18 @@ struct Option MuttVars[] = {
   ** (e.g. simply signed and ascii armored text).
   ** (PGP only)
   */
+  { "pgp_default_key",         DT_STRING,       R_NONE, UL &PgpDefaultKey, 0 },
+  /*
+  ** .pp
+  ** This is the default key-pair to use for PGP operations.  It will be
+  ** used for encryption (see $$postpone_encrypt and $$pgp_self_encrypt).
+  ** .pp
+  ** It will also be used for signing unless $$pgp_sign_as is set.
+  ** .pp
+  ** The (now deprecated) \fIpgp_self_encrypt_as\fP is an alias for this
+  ** variable, and should no longer be used.
+  ** (PGP only)
+  */
   { "pgp_encrypt_only_command", DT_STRING, R_NONE, UL &PgpEncryptOnlyCommand, 0 },
   /*
   ** .pp
@@ -2463,19 +2476,11 @@ struct Option MuttVars[] = {
   ** removed, while the inner \fCmultipart/signed\fP part is retained.
   ** (PGP only)
   */
-  { "pgp_self_encrypt",    DT_BOOL, R_NONE, UL &PgpSelfEncrypt, 0 },
+  { "pgp_self_encrypt",    DT_BOOL, R_NONE, UL &PgpSelfEncrypt, 1 },
   /*
   ** .pp
   ** When \fIset\fP, PGP encrypted messages will also be encrypted
-  ** using the key in $$pgp_self_encrypt_as.
-  ** (PGP only)
-  */
-  { "pgp_self_encrypt_as", DT_STRING,  R_NONE, UL &PgpSelfEncryptAs, 0 },
-  /*
-  ** .pp
-  ** This is an additional key used to encrypt messages when $$pgp_self_encrypt
-  ** is \fIset\fP.  It is also used to specify the key for $$postpone_encrypt.
-  ** It should be in keyid or fingerprint form (e.g. 0x00112233).
+  ** using the key in $$pgp_default_key.
   ** (PGP only)
   */
   { "pgp_show_unusable", DT_BOOL, R_NONE, UL &PgpShowUnusable, 1 },
@@ -2489,9 +2494,10 @@ struct Option MuttVars[] = {
   { "pgp_sign_as",      DT_STRING,  R_NONE, UL &PgpSignAs, 0 },
   /*
   ** .pp
-  ** If you have more than one key pair, this option allows you to specify
-  ** which of your private keys to use.  It is recommended that you use the
-  ** keyid form to specify your key (e.g. \fC0x00112233\fP).
+  ** If you have a different key pair to use for signing, you should
+  ** set this to the signing key.  Most people will only need to set
+  ** $$pgp_default_key.  It is recommended that you use the keyid form
+  ** to specify your key (e.g. \fC0x00112233\fP).
   ** (PGP only)
   */
   { "pgp_sign_command",         DT_STRING, R_NONE, UL &PgpSignCommand, 0 },
@@ -2705,7 +2711,7 @@ struct Option MuttVars[] = {
   ** .pp
   ** When \fIset\fP, postponed messages that are marked for encryption will be
   ** self-encrypted.  NeoMutt will first try to encrypt using the value specified
-  ** in $$pgp_self_encrypt_as or $$smime_self_encrypt_as.  If those are not
+  ** in $$pgp_default_key or $$smime_default_key.  If those are not
   ** set, it will try the deprecated $$postpone_encrypt_as.
   ** (Crypto only)
   */
@@ -2713,7 +2719,7 @@ struct Option MuttVars[] = {
   /*
   ** .pp
   ** This is a deprecated fall-back variable for $$postpone_encrypt.
-  ** Please use $$pgp_self_encrypt_as or $$smime_self_encrypt_as.
+  ** Please use $$pgp_default_key or $$smime_default_key.
   ** (Crypto only)
   */
 #ifdef USE_SOCKET
@@ -3482,8 +3488,19 @@ struct Option MuttVars[] = {
   { "smime_default_key",                DT_STRING,  R_NONE, UL &SmimeDefaultKey, 0 },
   /*
   ** .pp
-  ** This is the default key-pair to use for signing. This must be set to the
-  ** keyid (the hash-value that OpenSSL generates) to work properly
+  ** This is the default key-pair to use for S/MIME operations, and must be
+  ** set to the keyid (the hash-value that OpenSSL generates) to work properly.
+  ** .pp
+  ** It will be used for encryption (see $$postpone_encrypt and
+  ** $$smime_self_encrypt).
+  ** .pp
+  ** It will be used for decryption unless $$smime_decrypt_use_default_key
+  ** is \fIunset\fP.
+  ** .pp
+  ** It will also be used for signing unless $$smime_sign_as is set.
+  ** .pp
+  ** The (now deprecated) \fIsmime_self_encrypt_as\fP is an alias for this
+  ** variable, and should no longer be used.
   ** (S/MIME only)
   */
   { "smime_encrypt_command",    DT_STRING, R_NONE, UL &SmimeEncryptCommand, 0 },
@@ -3544,7 +3561,8 @@ struct Option MuttVars[] = {
   ** This command is used to import a certificate via smime_keys.
   ** .pp
   ** This is a format string, see the $$smime_decrypt_command command for
-  ** possible \fCprintf(3)\fP-like sequences.
+  ** possible \fCprintf(3)\fP-like sequences.  NOTE: %c and %k will default
+  ** to $$smime_sign_as if set, otherwise $$smime_default_key.
   ** (S/MIME only)
   */
   { "smime_is_default", DT_BOOL,  R_NONE, UL &SmimeIsDefault, 0 },
@@ -3578,20 +3596,18 @@ struct Option MuttVars[] = {
   ** possible \fCprintf(3)\fP-like sequences.
   ** (S/MIME only)
   */
-  { "smime_self_encrypt",    DT_BOOL, R_NONE, UL &SmimeSelfEncrypt, 0 },
+  { "smime_self_encrypt",    DT_BOOL, R_NONE, UL &SmimeSelfEncrypt, 1 },
   /*
   ** .pp
   ** When \fIset\fP, S/MIME encrypted messages will also be encrypted
-  ** using the certificate in $$smime_self_encrypt_as.
+  ** using the certificate in $$smime_default_key.
   ** (S/MIME only)
   */
-  { "smime_self_encrypt_as", DT_STRING,  R_NONE, UL &SmimeSelfEncryptAs, 0 },
+  { "smime_sign_as",         DT_STRING, R_NONE, UL &SmimeSignAs, 0 },
   /*
   ** .pp
-  ** This is an additional certificate used to encrypt messages when
-  ** $$smime_self_encrypt is \fIset\fP.  It is also used to specify the
-  ** certificate for $$postpone_encrypt.  It should be the hash-value that
-  ** OpenSSL generates.
+  ** If you have a separate key to use for signing, you should set this
+  ** to the signing key. Most people will only need to set $$smime_default_key.
   ** (S/MIME only)
   */
   { "smime_sign_command",       DT_STRING, R_NONE, UL &SmimeSignCommand, 0 },
@@ -4394,10 +4410,11 @@ struct Option MuttVars[] = {
   { "pgp_replyencrypt",       DT_SYNONYM, R_NONE, UL "crypt_replyencrypt",       0 },
   { "pgp_replysign",          DT_SYNONYM, R_NONE, UL "crypt_replysign",          0 },
   { "pgp_replysignencrypted", DT_SYNONYM, R_NONE, UL "crypt_replysignencrypted", 0 },
+  { "pgp_self_encrypt_as",       DT_SYNONYM, R_NONE, UL "pgp_default_key",          0 },
   { "pgp_verify_sig",         DT_SYNONYM, R_NONE, UL "crypt_verify_sig",         0 },
   { "post_indent_str",        DT_SYNONYM, R_NONE, UL "post_indent_string",       0 },
   { "print_cmd",              DT_SYNONYM, R_NONE, UL "print_command",            0 },
-  { "smime_sign_as",          DT_SYNONYM, R_NONE, UL "smime_default_key",        0 },
+  { "smime_self_encrypt_as",  DT_SYNONYM, R_NONE, UL "smime_default_key",        0 },
   { "xterm_icon",             DT_SYNONYM, R_NONE, UL "ts_icon_format",           0 },
   { "xterm_set_titles",       DT_SYNONYM, R_NONE, UL "ts_enabled",               0 },
   { "xterm_title",            DT_SYNONYM, R_NONE, UL "ts_status_format",         0 },

diff --git a/ncrypt/crypt.c b/ncrypt/crypt.c
index 1828fac0323fea10d63ffa1830a0c7a14dbaf87e..090c5f7b5e44ed4a5ee23e45b8ddd2e1ff2e3c0c 100644 (file)
--- a/ncrypt/crypt.c
+++ b/ncrypt/crypt.c
@@ -874,7 +874,7 @@ int crypt_get_keys(struct Header *msg, char **keylist, int oppenc_mode)
       }
       OPT_PGP_CHECK_TRUST = false;
       if (PgpSelfEncrypt || (PgpEncryptSelf == MUTT_YES))
-        self_encrypt = PgpSelfEncryptAs;
+        self_encrypt = PgpDefaultKey;
     }
     if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME))
     {
@@ -885,7 +885,7 @@ int crypt_get_keys(struct Header *msg, char **keylist, int oppenc_mode)
         return -1;
       }
       if (SmimeSelfEncrypt || (SmimeEncryptSelf == MUTT_YES))
-        self_encrypt = SmimeSelfEncryptAs;
+        self_encrypt = SmimeDefaultKey;
     }
   }
 

diff --git a/ncrypt/pgpinvoke.c b/ncrypt/pgpinvoke.c
index 750c7f4e71efb52e83927b2b135256df26e83247..a25d5204ac357ad1958ba0b602c336fa27e9f764 100644 (file)
--- a/ncrypt/pgpinvoke.c
+++ b/ncrypt/pgpinvoke.c
@@ -155,7 +155,7 @@ static void mutt_pgp_command(char *buf, size_t buflen,
 static pid_t pgp_invoke(FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd,
                         int pgpoutfd, int pgperrfd, short need_passphrase,
                         const char *fname, const char *sig_fname,
-                        const char *signas, const char *ids, const char *format)
+                        const char *ids, const char *format)
 {
   struct PgpCommandContext cctx;
   char cmd[HUGE_STRING];
@@ -168,7 +168,10 @@ static pid_t pgp_invoke(FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd,
   cctx.need_passphrase = need_passphrase;
   cctx.fname = fname;
   cctx.sig_fname = sig_fname;
-  cctx.signas = signas;
+  if (PgpSignAs && *PgpSignAs)
+    cctx.signas = PgpSignAs;
+  else
+    cctx.signas = PgpDefaultKey;
   cctx.ids = ids;
 
   mutt_pgp_command(cmd, sizeof(cmd), &cctx, format);
@@ -186,28 +189,28 @@ pid_t pgp_invoke_decode(FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd,
                         int pgpoutfd, int pgperrfd, const char *fname, short need_passphrase)
 {
   return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                    need_passphrase, fname, NULL, PgpSignAs, NULL, PgpDecodeCommand);
+                    need_passphrase, fname, NULL, NULL, PgpDecodeCommand);
 }
 
 pid_t pgp_invoke_verify(FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd,
                         int pgpoutfd, int pgperrfd, const char *fname, const char *sig_fname)
 {
   return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 0,
-                    fname, sig_fname, PgpSignAs, NULL, PgpVerifyCommand);
+                    fname, sig_fname, NULL, PgpVerifyCommand);
 }
 
 pid_t pgp_invoke_decrypt(FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd,
                          int pgpoutfd, int pgperrfd, const char *fname)
 {
   return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 1,
-                    fname, NULL, PgpSignAs, NULL, PgpDecryptCommand);
+                    fname, NULL, NULL, PgpDecryptCommand);
 }
 
 pid_t pgp_invoke_sign(FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd,
                       int pgpoutfd, int pgperrfd, const char *fname)
 {
   return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 1,
-                    fname, NULL, PgpSignAs, NULL, PgpSignCommand);
+                    fname, NULL, NULL, PgpSignCommand);
 }
 
 pid_t pgp_invoke_encrypt(FILE **pgpin, FILE **pgpout, FILE **pgperr,
@@ -216,10 +219,10 @@ pid_t pgp_invoke_encrypt(FILE **pgpin, FILE **pgpout, FILE **pgperr,
 {
   if (sign)
     return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 1,
-                      fname, NULL, PgpSignAs, uids, PgpEncryptSignCommand);
+                      fname, NULL, uids, PgpEncryptSignCommand);
   else
     return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 0,
-                      fname, NULL, PgpSignAs, uids, PgpEncryptOnlyCommand);
+                      fname, NULL, uids, PgpEncryptOnlyCommand);
 }
 
 pid_t pgp_invoke_traditional(FILE **pgpin, FILE **pgpout, FILE **pgperr,
@@ -228,11 +231,11 @@ pid_t pgp_invoke_traditional(FILE **pgpin, FILE **pgpout, FILE **pgperr,
 {
   if (flags & ENCRYPT)
     return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd,
-                      flags & SIGN ? 1 : 0, fname, NULL, PgpSignAs, uids,
+                      flags & SIGN ? 1 : 0, fname, NULL, uids,
                       flags & SIGN ? PgpEncryptSignCommand : PgpEncryptOnlyCommand);
   else
     return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 1,
-                      fname, NULL, PgpSignAs, NULL, PgpClearSignCommand);
+                      fname, NULL, NULL, PgpClearSignCommand);
 }
 
 void pgp_invoke_import(const char *fname)
@@ -245,7 +248,10 @@ void pgp_invoke_import(const char *fname)
 
   mutt_file_quote_filename(tmp_fname, sizeof(tmp_fname), fname);
   cctx.fname = tmp_fname;
-  cctx.signas = PgpSignAs;
+  if (PgpSignAs && *PgpSignAs)
+    cctx.signas = PgpSignAs;
+  else
+    cctx.signas = PgpDefaultKey;
 
   mutt_pgp_command(cmd, sizeof(cmd), &cctx, PgpImportCommand);
   if (mutt_system(cmd) != 0)
@@ -301,14 +307,14 @@ pid_t pgp_invoke_export(FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd,
                         int pgpoutfd, int pgperrfd, const char *uids)
 {
   return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 0, NULL,
-                    NULL, PgpSignAs, uids, PgpExportCommand);
+                    NULL, uids, PgpExportCommand);
 }
 
 pid_t pgp_invoke_verify_key(FILE **pgpin, FILE **pgpout, FILE **pgperr, int pgpinfd,
                             int pgpoutfd, int pgperrfd, const char *uids)
 {
   return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 0, NULL,
-                    NULL, PgpSignAs, uids, PgpVerifyKeyCommand);
+                    NULL, uids, PgpVerifyKeyCommand);
 }
 
 pid_t pgp_invoke_list_keys(FILE **pgpin, FILE **pgpout, FILE **pgperr,
@@ -329,7 +335,6 @@ pid_t pgp_invoke_list_keys(FILE **pgpin, FILE **pgpout, FILE **pgperr,
     strcpy(uids, tmpuids);
   }
 
-  return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 0, NULL,
-                    NULL, PgpSignAs, uids,
-                    keyring == PGP_SECRING ? PgpListSecringCommand : PgpListPubringCommand);
+  return pgp_invoke(pgpin, pgpout, pgperr, pgpinfd, pgpoutfd, pgperrfd, 0, NULL, NULL,
+                    uids, keyring == PGP_SECRING ? PgpListSecringCommand : PgpListPubringCommand);
 }

diff --git a/ncrypt/smime.c b/ncrypt/smime.c
index 511994b19a030b4323d0d8a032de49ba63101d6e..43f524bb4479a6184e7859ed465d685790ce7096 100644 (file)
--- a/ncrypt/smime.c
+++ b/ncrypt/smime.c
@@ -1494,11 +1494,13 @@ struct Body *smime_sign_message(struct Body *a)
   int err = 0;
   int empty = 0;
   pid_t thepid;
-  struct SmimeKey *default_key = NULL;
+  char *signas = NULL;
+  struct SmimeKey *signas_key = NULL;
   char *intermediates = NULL;
   char *micalg = NULL;
 
-  if (!SmimeDefaultKey)
+  signas = (SmimeSignAs && *SmimeSignAs) ? SmimeSignAs : SmimeDefaultKey;
+  if (!signas || !*signas)
   {
     mutt_error(_("Can't sign: No key specified. Use Sign As."));
     return NULL;
@@ -1529,21 +1531,21 @@ struct Body *smime_sign_message(struct Body *a)
   mutt_write_mime_body(a, sfp);
   mutt_file_fclose(&sfp);
 
-  snprintf(SmimeKeyToUse, sizeof(SmimeKeyToUse), "%s/%s", NONULL(SmimeKeys), SmimeDefaultKey);
+  snprintf(SmimeKeyToUse, sizeof(SmimeKeyToUse), "%s/%s", NONULL(SmimeKeys), signas);
 
   snprintf(SmimeCertToUse, sizeof(SmimeCertToUse), "%s/%s",
-           NONULL(SmimeCertificates), SmimeDefaultKey);
+           NONULL(SmimeCertificates), signas);
 
-  default_key = smime_get_key_by_hash(SmimeDefaultKey, 1);
-  if ((!default_key) || (mutt_str_strcmp("?", default_key->issuer) == 0))
-    intermediates = SmimeDefaultKey; /* so openssl won't complain in any case */
+  signas_key = smime_get_key_by_hash(signas, 1);
+  if ((!signas_key) || (!mutt_str_strcmp("?", signas_key->issuer)))
+    intermediates = signas; /* so openssl won't complain in any case */
   else
-    intermediates = default_key->issuer;
+    intermediates = signas_key->issuer;
 
   snprintf(SmimeIntermediateToUse, sizeof(SmimeIntermediateToUse), "%s/%s",
            NONULL(SmimeCertificates), intermediates);
 
-  smime_free_key(&default_key);
+  smime_free_key(&signas_key);
 
   thepid = smime_invoke_sign(&smimein, NULL, &smimeerr, -1, fileno(smimeout), -1, filetosign);
   if (thepid == -1)
@@ -2162,29 +2164,19 @@ int smime_send_menu(struct Header *msg)
       break;
 
       case 's': /* (s)ign */
+        msg->security &= ~ENCRYPT;
+        msg->security |= SIGN;
+        break;
+
       case 'S': /* (s)ign in oppenc mode */
-        if (!SmimeDefaultKey)
-        {
-          key = smime_ask_for_key(_("Sign as: "), KEYFLAG_CANSIGN, 0);
-          if (key)
-          {
-            mutt_str_replace(&SmimeDefaultKey, key->hash);
-            smime_free_key(&key);
-          }
-          else
-            break;
-        }
-        if (choices[choice - 1] == 's')
-          msg->security &= ~ENCRYPT;
         msg->security |= SIGN;
         break;
 
       case 'a': /* sign (a)s */
-
         key = smime_ask_for_key(_("Sign as: "), KEYFLAG_CANSIGN, 0);
         if (key)
         {
-          mutt_str_replace(&SmimeDefaultKey, key->hash);
+          mutt_str_replace(&SmimeSignAs, key->hash);
           smime_free_key(&key);
 
           msg->security |= SIGN;

diff --git a/postpone.c b/postpone.c
index 15252ffb620956b39eabd6b3fef1722d6faa8a5d..429541c8bc3a82b2ec66cf599c49814da7dd9c25 100644 (file)
--- a/postpone.c
+++ b/postpone.c
@@ -515,7 +515,7 @@ int mutt_parse_crypt_hdr(const char *p, int set_empty_signas, int crypt_app)
   if ((WithCrypto & APPLICATION_SMIME) && (crypt_app == APPLICATION_SMIME) &&
       (flags & SIGN) && (set_empty_signas || *sign_as))
   {
-    mutt_str_replace(&SmimeDefaultKey, sign_as);
+    mutt_str_replace(&SmimeSignAs, sign_as);
   }
 
   return flags;

diff --git a/send.c b/send.c
index 0e09eaaf4083fa16ffd38cae5cf06589f7bf4775..e5e33804a06e29b38133bc3cc7151c97037377ed 100644 (file)
--- a/send.c
+++ b/send.c
@@ -1290,7 +1290,7 @@ int ci_send_message(int flags, struct Header *msg, char *tempfile,
   char *pgpkeylist = NULL;
   /* save current value of "pgp_sign_as"  and "smime_default_key" */
   char *pgp_signas = NULL;
-  char *smime_default_key = NULL;
+  char *smime_signas = NULL;
   char *tag = NULL, *err = NULL;
   char *ctype = NULL;
   char *finalpath = NULL;
@@ -1322,7 +1322,7 @@ int ci_send_message(int flags, struct Header *msg, char *tempfile,
     if (WithCrypto & APPLICATION_PGP)
       pgp_signas = mutt_str_strdup(PgpSignAs);
     if (WithCrypto & APPLICATION_SMIME)
-      smime_default_key = mutt_str_strdup(SmimeDefaultKey);
+      smime_signas = mutt_str_strdup(SmimeSignAs);
   }
 
   /* Delay expansion of aliases until absolutely necessary--shouldn't
@@ -1835,9 +1835,9 @@ int ci_send_message(int flags, struct Header *msg, char *tempfile,
         char *encrypt_as = NULL;
 
         if ((WithCrypto & APPLICATION_PGP) && (msg->security & APPLICATION_PGP))
-          encrypt_as = PgpSelfEncryptAs;
+          encrypt_as = PgpDefaultKey;
         else if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME))
-          encrypt_as = SmimeSelfEncryptAs;
+          encrypt_as = SmimeDefaultKey;
         if (!(encrypt_as && *encrypt_as))
           encrypt_as = PostponeEncryptAs;
 
@@ -2201,8 +2201,8 @@ cleanup:
     }
     if (WithCrypto & APPLICATION_SMIME)
     {
-      FREE(&SmimeDefaultKey);
-      SmimeDefaultKey = smime_default_key;
+      FREE(&SmimeSignAs);
+      SmimeSignAs = smime_signas;
     }
   }
 

diff --git a/sendlib.c b/sendlib.c
index 51a83a37478dabb60398a02a5b8a4187b206f77a..5b38c01617704c471efe2525b10506cc6dcb862d 100644 (file)
--- a/sendlib.c
+++ b/sendlib.c
@@ -3049,8 +3049,8 @@ int mutt_write_fcc(const char *path, struct Header *hdr, const char *msgid,
     if (hdr->security & SIGN)
     {
       fputc('S', msg->fp);
-      if (SmimeDefaultKey && *SmimeDefaultKey)
-        fprintf(msg->fp, "<%s>", SmimeDefaultKey);
+      if (SmimeSignAs && *SmimeSignAs)
+        fprintf(msg->fp, "<%s>", SmimeSignAs);
     }
     if (hdr->security & INLINE)
       fputc('I', msg->fp);