From b2a3ceb5a95a60cd07fe3c4b45d824bf50b3f593 Mon Sep 17 00:00:00 2001 From: Brendan Cully Date: Sun, 29 Jun 2008 00:31:42 -0700 Subject: [PATCH] Show more information about problematic SMIME signatures under gpgme. Also warn if the key is not known to be good. For some reason expired keys in my environment are not flagged as expired in sig->status or sig->summary. --- ChangeLog | 10 ++++++ crypt-gpgme.c | 91 +++++++++++++++++++++++++++++---------------------- 2 files changed, 61 insertions(+), 40 deletions(-) diff --git a/ChangeLog b/ChangeLog index db479e42..b8e5e6af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2008-06-28 20:33 -0700 Brendan Cully (1492c24f2a4e) + + * mutt_ssl_gnutls.c: Extract CN from client certificate in gnutls. + Nothing currently uses it, but I suspect we should be using it as + the external auth name in mutt_sasl_client_new. + + * UPDATING, globals.h, init.h, mutt_sasl.c, mutt_ssl_gnutls.c: + Basic support for $ssl_client_cert when compiled with + gnutls. The key must not be encrypted. Closes #2911. + 2008-06-27 12:04 -0700 Petr Písař (40c6e851bf76) * po/cs.po: Updated Czech translation. diff --git a/crypt-gpgme.c b/crypt-gpgme.c index ee0477c8..a96288d4 100644 --- a/crypt-gpgme.c +++ b/crypt-gpgme.c 
@@ -1252,6 +1252,28 @@ static void show_one_sig_validity (gpgme_ctx_t ctx, int idx, STATE *s) state_attach_puts (txt, s); } +static void print_smime_keyinfo (gpgme_signature_t sig, gpgme_key_t key, + STATE *s) +{ + gpgme_user_id_t uids = NULL; + int aka = 0; + + for (uids = key->uids; uids; uids = uids->next) + { + if (uids->revoked) + continue; + if (aka) + state_attach_puts (_(" aka: "), s); + state_attach_puts (uids->uid, s); + state_attach_puts ("\n", s); + + aka = 1; + } + state_attach_puts (_(" created: "), s); + print_time (sig->timestamp, s); + state_attach_puts ("\n", s); +} + /* Show information about one signature. This fucntion is called with the context CTX of a sucessful verification operation and the enumerator IDX which should start at 0 and incremete for each @@ -1261,7 +1283,6 @@ static void show_one_sig_validity (gpgme_ctx_t ctx, int idx, STATE *s) 2 for a signature with a warning or -1 for no more signature. */ static int show_one_sig_status (gpgme_ctx_t ctx, int idx, STATE *s) { - time_t created; const char *fpr, *uid; gpgme_key_t key = NULL; int i, anybad = 0, anywarn = 0; @@ -1290,7 +1311,6 @@ static int show_one_sig_status (gpgme_ctx_t ctx, int idx, STATE *s) signature_key = NULL; } - created = sig->timestamp; fpr = sig->fpr; sum = sig->summary; 
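Review bot: In `print_smime_keyinfo`, when `key->uids` is empty or every user ID is revoked, the loop prints nothing, so the caller's heading (for example "Good signature from: ") runs straight into " created: " with no identity and no newline. The code this helper replaces always printed `uid` followed by a newline. A fallback after the loop keeps the verification output well-formed, e.g. `if (!aka) { state_attach_puts (sig->fpr, s); state_attach_puts ("\n", s); }`, assuming `sig->fpr` is non-NULL at that point. The helper also dereferences `key` and `sig` unconditionally, so a comment above it such as `/* KEY and SIG must be non-NULL; prints the non-revoked user IDs of KEY and the creation time of SIG. */` would record the precondition its callers rely on.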
@@ -1315,41 +1335,28 @@ static int show_one_sig_status (gpgme_ctx_t ctx, int idx, STATE *s) ; /* No state information so no way to print anything. */ else if (err) { - state_attach_puts (_("Error getting key information: "), s); - state_attach_puts ( gpg_strerror (err), s ); - state_attach_puts ("\n", s); - anybad = 1; + state_attach_puts (_("Error getting key information: "), s); + state_attach_puts ( gpg_strerror (err), s ); + state_attach_puts ("\n", s); + anybad = 1; } else if ((sum & GPGME_SIGSUM_GREEN)) - { - state_attach_puts (_("Good signature from: "), s); - state_attach_puts (uid, s); - state_attach_puts ("\n", s); - for (i = 1, uids = key->uids; uids; i++, uids = uids->next) - { - if (i == 1) - /* Skip primary UID. */ - continue; - if (uids->revoked) - continue; - state_attach_puts (_(" aka: "), s); - state_attach_puts (uids->uid, s); - state_attach_puts ("\n", s); - } - state_attach_puts (_(" created: "), s); - print_time (created, s); - state_attach_puts ("\n", s); - if (show_sig_summary (sum, ctx, key, idx, s, sig)) - anywarn = 1; - show_one_sig_validity (ctx, idx, s); - } + { + state_attach_puts (_("Good signature from: "), s); + print_smime_keyinfo (sig, key, s); + state_attach_puts (_(" expires: "), s); + print_time (sig->exp_timestamp, s); + state_attach_puts ("\n", s); + if (show_sig_summary (sum, ctx, key, idx, s, sig)) + anywarn = 1; + show_one_sig_validity (ctx, idx, s); + } else if ((sum & GPGME_SIGSUM_RED)) - { - state_attach_puts (_("*BAD* signature claimed to be from: "), s); - state_attach_puts (uid, s); - state_attach_puts ("\n", s); - show_sig_summary (sum, ctx, key, idx, s, sig); - } + { + state_attach_puts (_("*BAD* signature claimed to be from: "), s); + print_smime_keyinfo (sig, key, s); + show_sig_summary (sum, ctx, key, idx, s, sig); + } else if (!anybad && key && (key->protocol == GPGME_PROTOCOL_OpenPGP)) { /* We can't decide (yellow) but this is a PGP key with a good signature, so we display what a PGP user expects: The name, 
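Review bot: The new " expires: " line in the green branch prints `sig->exp_timestamp` unconditionally, and gpgme documents that field as 0 when the signature has no expiration. Unless `print_time` special-cases 0 (it is not visible here), a good signature would be shown as expiring at the epoch. Guard the three lines with `if (sig->exp_timestamp)`; the same applies to the identical lines added to the final `else` branch in the `@@ -1367,11 +1374,15 @@` hunk. This value is also the signature's expiry rather than the certificate's: if the aim, as the commit message suggests, is to let the reader spot an expired key that `sig->summary` does not flag, the value to show is the key's own expiry (`key->subkeys->expires` in gpgme). `show_one_sig_status` begins and ends outside this hunk.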
@@ -1359,7 +1366,7 @@ static int show_one_sig_status (gpgme_ctx_t ctx, int idx, STATE *s) state_attach_puts (uid, s); state_attach_puts ("\n", s); state_attach_puts (_(" created: "), s); - print_time (created, s); + print_time (sig->timestamp, s); state_attach_puts ("\n", s); show_one_sig_validity (ctx, idx, s); show_fingerprint (key,s); @@ -1367,11 +1374,15 @@ static int show_one_sig_status (gpgme_ctx_t ctx, int idx, STATE *s) anywarn = 1; } else /* can't decide (yellow) */ - { - state_attach_puts (_("Error checking signature"), s); - state_attach_puts ("\n", s); - show_sig_summary (sum, ctx, key, idx, s, sig); - } + { + state_attach_puts (_("Problem signature from: "), s); + print_smime_keyinfo (sig, key, s); + state_attach_puts (_(" expires: "), s); + print_time (sig->exp_timestamp, s); + state_attach_puts ("\n", s); + show_sig_summary (sum, ctx, key, idx, s, sig); + anywarn = 1; + } if (key != signature_key) gpgme_key_release (key); -- 2.50.0
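Review bot: The final `else` in the `@@ -1367,11 +1374,15 @@` hunk keeps the comment `/* can't decide (yellow) */`, but the preceding OpenPGP branch requires `!anybad`, so this branch is also reached by an OpenPGP signature for which `anybad` is already set. For that case it now prints the key's user IDs under "Problem signature from: " and sets only `anywarn`. Where `anybad` is assigned lies outside the hunks shown, so this reading is inferred from the branch conditions alone. Since the heading is what the reader uses to judge the signature, the comment should at least say which cases land here, e.g. `else /* can't decide (yellow), or anybad already set */`, and the two cases may deserve different headings. The function body continues outside the hunk.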