Integrate S/MIME passwords into usual credential lookups (a bit)..
commite441efb4f4cfb416c26d06b8110633abfa643b76
authorSteffen (Daode) Nurpmeso <steffen@sdaoden.eu>
Fri, 30 Dec 2016 21:44:06 +0000 (30 22:44 +0100)
committerSteffen (Daode) Nurpmeso <steffen@sdaoden.eu>
Sat, 31 Dec 2016 16:59:37 +0000 (31 17:59 +0100)
tree66057f2c44c83dda47650884980e8885db9a88b5
parent15810373626d9aaa6bf6518d27dd04e7adea302a
Integrate S/MIME passwords into usual credential lookups (a bit)..

Until now we handle this very badly, and it can hardly be assumed
that anyone uses encrypted private keys in conjunction with us.

To top the horror, the password prompt -- which until now was the
sole thing to enter PEM passwords -- might appear while the $PAGER
is opened in a pipe, and we don't get this right, taking care for
the signals involved etc., that is to say.

To overcome this a bit, integrate PEM password lookup for S/MIME
signing and decryption into our usual (v15-style) credential
lookup by creating an URL with the given address and a pseudo
protocol, named ccred://, a.k.a. CPROTO_CCRED.
That is, we take email address and append pseudo-hosts,
.smime-cert-key, or .smime-cert-cert, or .smime-include-certs, and
perform a credential lookup for, e.g., bob@exam.ple.smime-cert-key.

So now all the possibilities for automatization of credential
lookup become possible for S/MIME PEM, too, mostly (encrypted)
.netrc lookup or (encrypted) resource file storage!
nail.1
nail.h
urlcrecry.c
xssl.c