From fe6139e073a2810420a8f6f869171a262929022d Mon Sep 17 00:00:00 2001
From: Eduardo Chappa
Date: Mon, 14 Dec 2015 19:11:35 -0700
Subject: [PATCH] * S/MIME: When reading a local certificate, Alpine converts the name of the certificate to lowercase, which may make Alpine not be able to read such certificate. Reported by Dennis Davis.
---
 alpine/smime.c | 2 +-
 pith/pine.hlp | 8 ++++++--
 pith/smime.c | 12 ++++++------
 pith/smkeys.c | 7 ++++---
 pith/smkeys.h | 2 +-
 5 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/alpine/smime.c b/alpine/smime.c
index 71104b2..82adc14 100644
--- a/alpine/smime.c
+++ b/alpine/smime.c
@@ -1248,7 +1248,7 @@ manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags)
 if(PATHCERTDIR(ctype) == NULL) return 0;
- if((cert = get_cert_for((*cl)->d.s.address, ctype)) == NULL){
+ if((cert = get_cert_for((*cl)->d.s.address, ctype, 0)) == NULL){
 q_status_message(SM_ORDER, 1, 3, _("Problem Reading Certificate"));
 rv = 0;
 }
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 1ec429f..859724d 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
 reasonable place to be called from.
 Dummy change to get revision in pine.hlp
 ============= h_revision =================
-Alpine Commit 115 2015-12-07 00:01:48
+Alpine Commit 116 2015-12-14 19:09:59
 ============= h_news =================
@@ -195,7 +195,7 @@ Additions include:
 in lower case, as some SMTP servers, such as those of libero.it reject messages if the boundary attribute is in uppercase.
-  • SMIME: The ^E command that gives infromation on the certificate
+  • SMIME: The ctrl-E command that gives information on the certificate
 is only available for messages that have a signed or encrypted part.
@@ -325,6 +325,10 @@ Bugs that have been addressed include:
  • SMIME: Alpine does not remove remporary files created when adding a CA certificate to a container. Reported by Holger Trapp.
+  • SMIME: When reading a local certificate, Alpine converts the name
+ of the certificate to lowercase, which may make Alpine not be able
+ to read such certificate. Reported by Dennis Davis.
+
  • Pico: Searching for a string that is too long causes Pico to crash in the next search.
diff --git a/pith/smime.c b/pith/smime.c
index 30f42a2..e4448e7 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -928,7 +928,7 @@ certlist_from_personal_certs(PERSONAL_CERT *pc)
 cl = fs_get(sizeof(CertList));
 memset((void *)cl, 0, sizeof(CertList));
 cl->name = cpystr(pc->name);
- x = get_cert_for(pc->name, Public);
+ x = get_cert_for(pc->name, Public, 1);
 if(x){
 if(x->cert_info){
 cl->data.date_from = smime_get_date(x->cert_info->validity->notBefore);
@@ -1087,7 +1087,7 @@ get_personal_certs(char *path)
 /* chop off ".key" trailier */
 buf2[strlen(buf2)-4] = 0;
 /* Look for certificate */
- cert = get_cert_for(buf2, Public);
+ cert = get_cert_for(buf2, Public, 1);
 if(cert){
 PERSONAL_CERT *pc;
@@ -2317,7 +2317,7 @@ encrypt_outgoing_message(METAENV *header, BODY **bodyP)
 for(a=*pf->addr; a; a=a->next){
 snprintf(buf, sizeof(buf), "%s@%s", a->mailbox, a->host);
- if((cert = get_cert_for(buf, Public)) != NULL){
+ if((cert = get_cert_for(buf, Public, 1)) != NULL){
 sk_X509_push(encerts,cert);
 }else{
 q_status_message2(SM_ORDER, 1, 1,
@@ -2332,7 +2332,7 @@ encrypt_outgoing_message(METAENV *header, BODY **bodyP)
 for(a=header->env->from; a ; a = a->next){
 snprintf(buf, sizeof(buf), "%s@%s", a->mailbox, a->host);
- if((cert = get_cert_for(buf, Public)) != NULL
+ if((cert = get_cert_for(buf, Public, 1)) != NULL
 && sk_X509_find(encerts, cert) == -1)
 sk_X509_push(encerts,cert);
 }
@@ -2496,7 +2496,7 @@ int smime_extract_and_save_cert(PKCS7 *p7, int check_cert)
 if((email = get_x509_subject_email(x)) != NULL){
 for(j = 0; email[j] != NULL; j++){
- if((cert = get_cert_for(email[j], Public)) == NULL
+ if((cert = get_cert_for(email[j], Public, 1)) == NULL
 || same_cert(x, cert) == 0){
 if(check_cert == 0
 || smime_validate_cert(x, &error) == 0
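Review bot: The lookup in get_personal_certs still passes `1`, so the name taken from a key file (`buf2`, after the ".key" suffix is chopped) is lowercased before the matching public certificate is searched for. If that name is mixed-case on a case-sensitive filesystem this looks like the same failure the commit fixes in manage_certs_tool, and the same question applies to `pc->name` in the certlist_from_personal_certs hunk and to `cl->name` in the do_signature_verify hunk. Where those names originate is not visible in these hunks, so it is worth confirming; if they come from directory listings, `cert = get_cert_for(buf2, Public, 0);` would be the consistent choice. A one-line comment at each call stating why it does or does not normalise the name would make the intent reviewable.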
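Review bot: In the second loop of encrypt_outgoing_message (the hunk at -2332), a certificate that is found but already present in `encerts` is neither pushed nor released: when `sk_X509_find(encerts, cert)` does not return -1 the `if` is skipped with `cert` still allocated. The comment above get_cert_for in pith/smkeys.c says the caller should free the cert, so this path appears to leak one X509 per duplicate address. Splitting the condition so the duplicate case runs `X509_free(cert);` would close it. The return value of `sk_X509_push` is also ignored in both loops, so a failed push would silently drop a recipient certificate from the encryption set.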
@@ -2547,7 +2547,7 @@ do_signature_verify(PKCS7 *p7, BIO *in, BIO *out, int silent)
 if(cl->x509_cert == NULL){
 char *s = strrchr(cl->name, '.');
 *s = '\0';
- cl->x509_cert = get_cert_for(cl->name, Public);
+ cl->x509_cert = get_cert_for(cl->name, Public, 1);
 *s = '.';
 }
 }
diff --git a/pith/smkeys.c b/pith/smkeys.c
index c5c24bc..ce7ad87 100644
--- a/pith/smkeys.c
+++ b/pith/smkeys.c
@@ -865,7 +865,7 @@ save_cert_for(char *email, X509 *cert, WhichCerts ctype)
 * The caller should free the cert.
 */
 X509 *
-get_cert_for(char *email, WhichCerts ctype)
+get_cert_for(char *email, WhichCerts ctype, int tolower)
 {
 char certfilename[MAXPATH];
 char emailaddr[MAXPATH];
@@ -883,7 +883,8 @@ get_cert_for(char *email, WhichCerts ctype)
 emailaddr[sizeof(emailaddr)-1] = 0;
 /* clean it up (lowercase, space removal) */
- emailstrclean(emailaddr);
+ if(tolower)
+ emailstrclean(emailaddr);
 if(ps_global->smime->publictype == Keychain){
 #ifdef APPLEKEYCHAIN
@@ -1052,7 +1053,7 @@ mem_to_personal_certs(char *contents)
 if(strncmp(EMAILADDRLEADER, line, strlen(EMAILADDRLEADER)) == 0){
 name = line + strlen(EMAILADDRLEADER);
- cert = get_cert_for(name, Public);
+ cert = get_cert_for(name, Public, 1);
 keytext = p;
 /* advance p past this record */
diff --git a/pith/smkeys.h b/pith/smkeys.h
index e7dbe39..0a2b006 100644
--- a/pith/smkeys.h
+++ b/pith/smkeys.h
@@ -51,7 +51,7 @@ typedef struct personal_cert {
 int add_certs_in_dir(X509_LOOKUP *lookup, char *path, char *ext, CertList **cdata);
 X509_STORE *get_ca_store(void);
 PERSONAL_CERT *get_personal_certs(char *d);
-X509 *get_cert_for(char *email, WhichCerts ctype);
+X509 *get_cert_for(char *email, WhichCerts ctype, int tolower);
 void save_cert_for(char *email, X509 *cert, WhichCerts ctype);
 char **get_x509_subject_email(X509 *x);
 EVP_PKEY *load_key(PERSONAL_CERT *pc, char *pass, int flag);
--
2.11.4.GIT
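Review bot: `strrchr(cl->name, '.')` can return NULL, and the next line in the do_signature_verify hunk writes through `s` unconditionally, so a certificate list entry whose name has no '.' would fault during signature verification before the lookup runs. Guarding both writes, `if(s) *s = '\0';` before the call and `if(s) *s = '.';` after it, keeps the temporary truncation safe. The enclosing loop and function start and end outside the hunk, so an earlier check on the name may exist that is not visible here.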
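Review bot: The new parameter of get_cert_for is named `tolower`, the same identifier as the standard `tolower()` from `<ctype.h>`, both in the definition (hunk at -865) and in the prototype in pith/smkeys.h; a name such as `clean_name` avoids the shadowing and trips no `-Wshadow` warning. The flag also controls more than case: the comment in the hunk at -883 says emailstrclean does "lowercase, space removal", so the `0` passed from alpine/smime.c skips whitespace stripping too, and the string then reaches the code that fills `certfilename` unnormalised; that code is outside these hunks and should be checked for names containing spaces or path separators. The function's header comment, which ends with "The caller should free the cert.", should gain a line such as `* If the flag is zero the name is used as given (no lowercasing, no space removal).` Named constants at the call sites instead of bare `0` and `1` would make each caller's choice readable.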