+2000-12-03 12:00:00 ShengHuo ZHU <zsh@cs.rochester.edu>
+
+ * mml2015.el (mml2015-fix-micalg): Alg might be nil.
+
+2000-12-01 Christopher Splinter <chris@splinter.inka.de>
+
+ * gnus-sum.el (gnus-summary-limit-to-age): Fix typo.
+
+2000-12-01 Simon Josefsson <sj@extundo.com>
+
+ * mml-smime.el (mml-smime-verify): Fix address parsing.
+
+2000-12-01 Simon Josefsson <sj@extundo.com>
+
+ * mml-smime.el (mml-smime-verify): Don't modify MM buffer. Handle
+ more than one certificate inside PKCS#7 blob. Better security
+ information (clamed / actual sender, openssl output, certificates
+ inside message).
+
+ * smime.el (smime-verify-region): Output to /dev/null.
+ (smime-buffer-as-string-region): Don't parse empty lines.
+
2000-11-30 23:00:00 ShengHuo ZHU <zsh@cs.rochester.edu>
* gnus-art.el (gnus-mime-security-button-line-format-alist): Add
certs))
(defun mml-smime-verify (handle ctl)
- (with-current-buffer (mm-handle-multipart-original-buffer ctl)
- ;; xxx modifies buffer -- noone else uses the buffer, so what the heck
+ (with-temp-buffer
+ (insert-buffer (mm-handle-multipart-original-buffer ctl))
(goto-char (point-min))
(insert (format "Content-Type: %s; " (mm-handle-media-type ctl)))
(insert (format "protocol=\"%s\"; "
(mm-handle-multipart-ctl-parameter ctl 'boundary)))
(when (get-buffer smime-details-buffer)
(kill-buffer smime-details-buffer))
- (if (smime-verify-buffer)
+ (let ((buf (current-buffer))
+ (good-signature (smime-verify-buffer))
+ addresses openssl-output)
+ (setq openssl-output (with-current-buffer smime-details-buffer
+ (buffer-string)))
+ (if (not good-signature)
+ (progn
+ ;; we couldn't verify message, fail with openssl output as message
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-info "Failed")
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-details
+ (concat "OpenSSL failed to verify message:\n"
+ "---------------------------------\n"
+ openssl-output)))
;; verify mail addresses in mail against those in certificate
(when (and (smime-pkcs7-region (point-min) (point-max))
(smime-pkcs7-certificates-region (point-min) (point-max)))
(with-temp-buffer
- (insert-buffer-substring (mm-handle-multipart-original-buffer ctl))
- (if (not (member mm-security-from
- (and (smime-pkcs7-email-region
- (point-min) (point-max))
- (smime-buffer-as-string-region
- (point-min) (point-max)))))
- (progn
- (mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-info "Sender forged")
- (mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-details
- (with-current-buffer
- (mm-handle-multipart-original-buffer ctl)
- (buffer-string))))
- (mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-info "OK")
- (kill-buffer smime-details-buffer))))
- (mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-info "Failed")
- (mm-set-handle-multipart-parameter
- mm-security-handle 'gnus-details
- (with-current-buffer smime-details-buffer
- (buffer-string))))
- handle))
+ (insert-buffer-substring buf)
+ (goto-char (point-min))
+ (while (re-search-forward "-----END CERTIFICATE-----" nil t)
+ (smime-pkcs7-email-region (point-min) (point))
+ (setq addresses (append (smime-buffer-as-string-region
+ (point-min) (point)) addresses))
+ (delete-region (point-min) (point)))))
+ (if (not (member mm-security-from addresses))
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-info "Sender forged")
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-info "OK"))
+ (mm-set-handle-multipart-parameter
+ mm-security-handle 'gnus-details
+ (concat "Sender clamed to be: " mm-security-from "\n"
+ (if addresses
+ (concat "Addresses in certificate: "
+ (mapconcat 'identity addresses ", "))
+ "No addresses found in certificate.")
+ "\n" "\n"
+ "OpenSSL output:\n"
+ "---------------\n" openssl-output "\n"
+ "Certificate(s) inside S/MIME signature:\n"
+ "---------------------------------------\n"
+ (buffer-string) "\n")))))
+ handle)
(defun mml-smime-verify-test (handle ctl)
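Review bot: The sender check `(member mm-security-from addresses)` matches the From address against addresses gathered from every certificate in the PKCS#7 blob (the `while` loop over `-----END CERTIFICATE-----`), not only from the certificate that produced the signature. Whoever built the message chooses which certificates the blob contains, so, assuming `smime-pkcs7-certificates-region` emits all embedded certificates, a good signature plus any embedded certificate naming the From address is reported as "OK" without tying that address to the signer. I would fill `addresses` from the signer certificate only (for example the one `openssl smime -verify -signer FILE` writes out), or at least add above the loop `;; FIXME: addresses come from all certs in the blob, not just the signer's`. Separately, `member` is a case-sensitive string comparison, so a From address that differs from the certificate only in letter case is shown as "Sender forged".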
smime-openssl-program)
-;;; starttls.el --- TLSv1 functions
+;;; starttls.el --- STARTTLS functions
-;; Copyright (C) 1999 Daiki Ueno
+;; Copyright (C) 1999, 2000 Free Software Foundation, Inc.
-;; Author: Daiki Ueno <ueno@ueda.info.waseda.ac.jp>
+;; Author: Daiki Ueno <ueno@unixuser.org>
;; Created: 1999/11/20
;; Keywords: TLS, SSL, OpenSSL
;;; Commentary:
-;; This module defines some utility functions for TLSv1 functions.
-
-;; [RFC 2246] "The TLS Protocol Version 1.0"
-;; by Christopher Allen <callen@certicom.com> and
-;; Tim Dierks <tdierks@certicom.com> (1999/01)
+;; This module defines some utility functions for STARTTLS profiles.
;; [RFC 2595] "Using TLS with IMAP, POP3 and ACAP"
;; by Chris Newman <chris.newman@innosoft.com> (1999/06)
Third arg is name of the host to connect to, or its IP address.
Fourth arg SERVICE is name of the service desired, or an integer
specifying a port number to connect to."
-
(let* ((process-connection-type nil)
- (process (apply #'start-process
+ (process (apply #'start-process
name buffer starttls-program
host (format "%s" service)
starttls-extra-args)))