summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEduardo Chappa <chappa@washington.edu>2015-12-14 19:11:35 -0700
committerEduardo Chappa <chappa@washington.edu>2015-12-14 19:11:35 -0700
commitfe6139e073a2810420a8f6f869171a262929022d (patch)
tree37960c85dfc2d4a902a600d535c74effdb0ad36c
parent29fbd1d5e424fadcf54a338aee8e57a9285fdf4b (diff)
downloadalpine-fe6139e073a2810420a8f6f869171a262929022d.tar.xz
* S/MIME: When reading a local certificate, Alpine converts the name of
the certificate to lowercase, which may make Alpine not be able to read such certificate. Reported by Dennis Davis.
-rw-r--r--alpine/smime.c2
-rw-r--r--pith/pine.hlp8
-rw-r--r--pith/smime.c12
-rw-r--r--pith/smkeys.c7
-rw-r--r--pith/smkeys.h2
5 files changed, 18 insertions, 13 deletions
diff --git a/alpine/smime.c b/alpine/smime.c
index 71104b2c..82adc145 100644
--- a/alpine/smime.c
+++ b/alpine/smime.c
@@ -1248,7 +1248,7 @@ manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags)
if(PATHCERTDIR(ctype) == NULL)
return 0;
- if((cert = get_cert_for((*cl)->d.s.address, ctype)) == NULL){
+ if((cert = get_cert_for((*cl)->d.s.address, ctype, 0)) == NULL){
q_status_message(SM_ORDER, 1, 3, _("Problem Reading Certificate"));
rv = 0;
}
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 1ec429fe..859724dd 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 115 2015-12-07 00:01:48
+Alpine Commit 116 2015-12-14 19:09:59
============= h_news =================
<HTML>
<HEAD>
@@ -195,7 +195,7 @@ Additions include:
in lower case, as some SMTP servers, such as those of libero.it
reject messages if the boundary attribute is in uppercase.
- <LI> SMIME: The ^E command that gives infromation on the certificate
+ <LI> SMIME: The ctrl-E command that gives information on the certificate
is only available for messages that have a signed or encrypted
part.
@@ -325,6 +325,10 @@ Bugs that have been addressed include:
<LI> SMIME: Alpine does not remove remporary files created when adding a
CA certificate to a container. Reported by Holger Trapp.
+ <LI> SMIME: When reading a local certificate, Alpine converts the name
+ of the certificate to lowercase, which may make Alpine not be able
+ to read such certificate. Reported by Dennis Davis.
+
<LI> Pico: Searching for a string that is too long causes Pico to crash
in the next search.
diff --git a/pith/smime.c b/pith/smime.c
index 30f42a22..e4448e74 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -928,7 +928,7 @@ certlist_from_personal_certs(PERSONAL_CERT *pc)
cl = fs_get(sizeof(CertList));
memset((void *)cl, 0, sizeof(CertList));
cl->name = cpystr(pc->name);
- x = get_cert_for(pc->name, Public);
+ x = get_cert_for(pc->name, Public, 1);
if(x){
if(x->cert_info){
cl->data.date_from = smime_get_date(x->cert_info->validity->notBefore);
@@ -1087,7 +1087,7 @@ get_personal_certs(char *path)
/* chop off ".key" trailier */
buf2[strlen(buf2)-4] = 0;
/* Look for certificate */
- cert = get_cert_for(buf2, Public);
+ cert = get_cert_for(buf2, Public, 1);
if(cert){
PERSONAL_CERT *pc;
@@ -2317,7 +2317,7 @@ encrypt_outgoing_message(METAENV *header, BODY **bodyP)
for(a=*pf->addr; a; a=a->next){
snprintf(buf, sizeof(buf), "%s@%s", a->mailbox, a->host);
- if((cert = get_cert_for(buf, Public)) != NULL){
+ if((cert = get_cert_for(buf, Public, 1)) != NULL){
sk_X509_push(encerts,cert);
}else{
q_status_message2(SM_ORDER, 1, 1,
@@ -2332,7 +2332,7 @@ encrypt_outgoing_message(METAENV *header, BODY **bodyP)
for(a=header->env->from; a ; a = a->next){
snprintf(buf, sizeof(buf), "%s@%s", a->mailbox, a->host);
- if((cert = get_cert_for(buf, Public)) != NULL
+ if((cert = get_cert_for(buf, Public, 1)) != NULL
&& sk_X509_find(encerts, cert) == -1)
sk_X509_push(encerts,cert);
}
@@ -2496,7 +2496,7 @@ int smime_extract_and_save_cert(PKCS7 *p7, int check_cert)
if((email = get_x509_subject_email(x)) != NULL){
for(j = 0; email[j] != NULL; j++){
- if((cert = get_cert_for(email[j], Public)) == NULL
+ if((cert = get_cert_for(email[j], Public, 1)) == NULL
|| same_cert(x, cert) == 0){
if(check_cert == 0
|| smime_validate_cert(x, &error) == 0
@@ -2547,7 +2547,7 @@ do_signature_verify(PKCS7 *p7, BIO *in, BIO *out, int silent)
if(cl->x509_cert == NULL){
char *s = strrchr(cl->name, '.');
*s = '\0';
- cl->x509_cert = get_cert_for(cl->name, Public);
+ cl->x509_cert = get_cert_for(cl->name, Public, 1);
*s = '.';
}
}
diff --git a/pith/smkeys.c b/pith/smkeys.c
index c5c24bcb..ce7ad873 100644
--- a/pith/smkeys.c
+++ b/pith/smkeys.c
@@ -865,7 +865,7 @@ save_cert_for(char *email, X509 *cert, WhichCerts ctype)
* The caller should free the cert.
*/
X509 *
-get_cert_for(char *email, WhichCerts ctype)
+get_cert_for(char *email, WhichCerts ctype, int tolower)
{
char certfilename[MAXPATH];
char emailaddr[MAXPATH];
@@ -883,7 +883,8 @@ get_cert_for(char *email, WhichCerts ctype)
emailaddr[sizeof(emailaddr)-1] = 0;
/* clean it up (lowercase, space removal) */
- emailstrclean(emailaddr);
+ if(tolower)
+ emailstrclean(emailaddr);
if(ps_global->smime->publictype == Keychain){
#ifdef APPLEKEYCHAIN
@@ -1052,7 +1053,7 @@ mem_to_personal_certs(char *contents)
if(strncmp(EMAILADDRLEADER, line, strlen(EMAILADDRLEADER)) == 0){
name = line + strlen(EMAILADDRLEADER);
- cert = get_cert_for(name, Public);
+ cert = get_cert_for(name, Public, 1);
keytext = p;
/* advance p past this record */
diff --git a/pith/smkeys.h b/pith/smkeys.h
index e7dbe396..0a2b0065 100644
--- a/pith/smkeys.h
+++ b/pith/smkeys.h
@@ -51,7 +51,7 @@ typedef struct personal_cert {
int add_certs_in_dir(X509_LOOKUP *lookup, char *path, char *ext, CertList **cdata);
X509_STORE *get_ca_store(void);
PERSONAL_CERT *get_personal_certs(char *d);
-X509 *get_cert_for(char *email, WhichCerts ctype);
+X509 *get_cert_for(char *email, WhichCerts ctype, int tolower);
void save_cert_for(char *email, X509 *cert, WhichCerts ctype);
char **get_x509_subject_email(X509 *x);
EVP_PKEY *load_key(PERSONAL_CERT *pc, char *pass, int flag);