author | Eduardo Chappa <chappa@washington.edu> | 2015-12-14 19:11:35 -0700 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2015-12-14 19:11:35 -0700 |
commit | fe6139e073a2810420a8f6f869171a262929022d (patch) | |
tree | 37960c85dfc2d4a902a600d535c74effdb0ad36c | |
parent | 29fbd1d5e424fadcf54a338aee8e57a9285fdf4b (diff) | |
download | alpine-fe6139e073a2810420a8f6f869171a262929022d.tar.xz |
* S/MIME: When reading a local certificate, Alpine converts the name of
the certificate to lowercase, which may prevent Alpine from reading
that certificate. Reported by Dennis Davis.
-rw-r--r-- | alpine/smime.c | 2 | ||||
-rw-r--r-- | pith/pine.hlp | 8 | ||||
-rw-r--r-- | pith/smime.c | 12 | ||||
-rw-r--r-- | pith/smkeys.c | 7 | ||||
-rw-r--r-- | pith/smkeys.h | 2 |
5 files changed, 18 insertions, 13 deletions
diff --git a/alpine/smime.c b/alpine/smime.c index 71104b2c..82adc145 100644 --- a/alpine/smime.c +++ b/alpine/smime.c @@ -1248,7 +1248,7 @@ manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags) if(PATHCERTDIR(ctype) == NULL) return 0; - if((cert = get_cert_for((*cl)->d.s.address, ctype)) == NULL){ + if((cert = get_cert_for((*cl)->d.s.address, ctype, 0)) == NULL){ q_status_message(SM_ORDER, 1, 3, _("Problem Reading Certificate")); rv = 0; } diff --git a/pith/pine.hlp b/pith/pine.hlp index 1ec429fe..859724dd 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 115 2015-12-07 00:01:48 +Alpine Commit 116 2015-12-14 19:09:59 ============= h_news ================= <HTML> <HEAD> @@ -195,7 +195,7 @@ Additions include: in lower case, as some SMTP servers, such as those of libero.it reject messages if the boundary attribute is in uppercase. - <LI> SMIME: The ^E command that gives infromation on the certificate + <LI> SMIME: The ctrl-E command that gives information on the certificate is only available for messages that have a signed or encrypted part. @@ -325,6 +325,10 @@ Bugs that have been addressed include: <LI> SMIME: Alpine does not remove remporary files created when adding a CA certificate to a container. Reported by Holger Trapp. + <LI> SMIME: When reading a local certificate, Alpine converts the name + of the certificate to lowercase, which may make Alpine not be able + to read such certificate. Reported by Dennis Davis. + <LI> Pico: Searching for a string that is too long causes Pico to crash in the next search. diff --git a/pith/smime.c b/pith/smime.c index 30f42a22..e4448e74 100644 --- a/pith/smime.c +++ b/pith/smime.c 
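Review bot: The bare `0` passed as the new third argument in manage_certs_tool gives no hint at the call site why this is the one lookup that skips name cleanup. In the pith/smkeys.c hunk of this commit the flag gates the whole `emailstrclean()` call, which its comment describes as lowercasing and space removal, so `(*cl)->d.s.address` now reaches the lookup exactly as stored. A short comment such as `/* name taken from the certificate list: look it up verbatim, no case folding */` would record the intent, assuming that is where the value comes from. The function body starts and ends outside the hunk, so the origin of the address cannot be confirmed from here.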
@@ -928,7 +928,7 @@ certlist_from_personal_certs(PERSONAL_CERT *pc) cl = fs_get(sizeof(CertList)); memset((void *)cl, 0, sizeof(CertList)); cl->name = cpystr(pc->name); - x = get_cert_for(pc->name, Public); + x = get_cert_for(pc->name, Public, 1); if(x){ if(x->cert_info){ cl->data.date_from = smime_get_date(x->cert_info->validity->notBefore); @@ -1087,7 +1087,7 @@ get_personal_certs(char *path) /* chop off ".key" trailier */ buf2[strlen(buf2)-4] = 0; /* Look for certificate */ - cert = get_cert_for(buf2, Public); + cert = get_cert_for(buf2, Public, 1); if(cert){ PERSONAL_CERT *pc; @@ -2317,7 +2317,7 @@ encrypt_outgoing_message(METAENV *header, BODY **bodyP) for(a=*pf->addr; a; a=a->next){ snprintf(buf, sizeof(buf), "%s@%s", a->mailbox, a->host); - if((cert = get_cert_for(buf, Public)) != NULL){ + if((cert = get_cert_for(buf, Public, 1)) != NULL){ sk_X509_push(encerts,cert); }else{ q_status_message2(SM_ORDER, 1, 1, @@ -2332,7 +2332,7 @@ encrypt_outgoing_message(METAENV *header, BODY **bodyP) for(a=header->env->from; a ; a = a->next){ snprintf(buf, sizeof(buf), "%s@%s", a->mailbox, a->host); - if((cert = get_cert_for(buf, Public)) != NULL + if((cert = get_cert_for(buf, Public, 1)) != NULL && sk_X509_find(encerts, cert) == -1) sk_X509_push(encerts,cert); } @@ -2496,7 +2496,7 @@ int smime_extract_and_save_cert(PKCS7 *p7, int check_cert) if((email = get_x509_subject_email(x)) != NULL){ for(j = 0; email[j] != NULL; j++){ - if((cert = get_cert_for(email[j], Public)) == NULL + if((cert = get_cert_for(email[j], Public, 1)) == NULL || same_cert(x, cert) == 0){ if(check_cert == 0 || smime_validate_cert(x, &error) == 0 @@ -2547,7 +2547,7 @@ do_signature_verify(PKCS7 *p7, BIO *in, BIO *out, int silent) if(cl->x509_cert == NULL){ char *s = strrchr(cl->name, '.'); *s = '\0'; - cl->x509_cert = get_cert_for(cl->name, Public); + cl->x509_cert = get_cert_for(cl->name, Public, 1); *s = '.'; } } diff --git a/pith/smkeys.c b/pith/smkeys.c index c5c24bcb..ce7ad873 100644 
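Review bot: In get_personal_certs the lookup key `buf2` appears to be a key file name with the `.key` suffix chopped off, yet it is still passed with `1`, so it is folded to lowercase before the certificate is searched. If a key is stored under a mixed-case name, this is presumably the same mismatch the commit fixes for manage_certs_tool. The calls in certlist_from_personal_certs (`pc->name`) and do_signature_verify (`cl->name`) look as if they take stored names as well. It is worth confirming which of these keys are addresses and which are names read from disk, and passing `0` for the latter. The surrounding function bodies lie outside the hunks.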
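Review bot: In the second loop of encrypt_outgoing_message, a certificate that get_cert_for returns but that `sk_X509_find` already locates in `encerts` is neither pushed nor released. The comment above get_cert_for in pith/smkeys.c says the caller should free the cert, so this branch appears to leak one X509 for each sender address already in the list. Splitting the condition so that the duplicate case runs `X509_free(cert);` would close it. The loop sits inside a function that starts and ends outside the hunk.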
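Review bot: In smime_extract_and_save_cert the lookup key `email[j]` is read from the subject of the certificate `x`, which presumably arrives inside the message's PKCS7 structure, so it is sender-controlled text when it reaches get_cert_for. The visible part of get_cert_for copies the name into `emailaddr[MAXPATH]` and, judging by `certfilename[MAXPATH]`, turns it into a file name; the code that does so is outside this diff. It is worth confirming that a name containing a directory separator is rejected before any path is built. A comment at this call would record the requirement, for example `/* email[j] comes from the message's certificate: validate before use as a file name */`.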
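Review bot: In do_signature_verify the result of `strrchr(cl->name, '.')` is written through without a NULL check, so a `cl->name` with no dot would make `*s = '\0'` a NULL dereference. This predates the commit, but it wraps the line being changed; guarding both writes, `if(s) *s = '\0';` and `if(s) *s = '.';`, would make the lookup safe. Whether every `cl->name` is guaranteed to carry an extension cannot be told from the hunk, since the list is built elsewhere.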
--- a/pith/smkeys.c +++ b/pith/smkeys.c @@ -865,7 +865,7 @@ save_cert_for(char *email, X509 *cert, WhichCerts ctype) * The caller should free the cert. */ X509 * -get_cert_for(char *email, WhichCerts ctype) +get_cert_for(char *email, WhichCerts ctype, int tolower) { char certfilename[MAXPATH]; char emailaddr[MAXPATH]; @@ -883,7 +883,8 @@ get_cert_for(char *email, WhichCerts ctype) emailaddr[sizeof(emailaddr)-1] = 0; /* clean it up (lowercase, space removal) */ - emailstrclean(emailaddr); + if(tolower) + emailstrclean(emailaddr); if(ps_global->smime->publictype == Keychain){ #ifdef APPLEKEYCHAIN @@ -1052,7 +1053,7 @@ mem_to_personal_certs(char *contents) if(strncmp(EMAILADDRLEADER, line, strlen(EMAILADDRLEADER)) == 0){ name = line + strlen(EMAILADDRLEADER); - cert = get_cert_for(name, Public); + cert = get_cert_for(name, Public, 1); keytext = p; /* advance p past this record */ diff --git a/pith/smkeys.h b/pith/smkeys.h index e7dbe396..0a2b0065 100644 --- a/pith/smkeys.h +++ b/pith/smkeys.h @@ -51,7 +51,7 @@ typedef struct personal_cert { int add_certs_in_dir(X509_LOOKUP *lookup, char *path, char *ext, CertList **cdata); X509_STORE *get_ca_store(void); PERSONAL_CERT *get_personal_certs(char *d); -X509 *get_cert_for(char *email, WhichCerts ctype); +X509 *get_cert_for(char *email, WhichCerts ctype, int tolower); void save_cert_for(char *email, X509 *cert, WhichCerts ctype); char **get_x509_subject_email(X509 *x); EVP_PKEY *load_key(PERSONAL_CERT *pc, char *pass, int flag); |
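Review bot: The new parameter name `tolower` in get_cert_for is the same as the `<ctype.h>` function and hides it inside the function body, so if that header is in scope any later `tolower()` call there would refer to the int instead. A name such as `int clean_name` avoids the clash, both in the definition and in the pith/smkeys.h prototype. The header comment ending in `The caller should free the cert.` should also gain a line for the parameter, for example `* If the flag is zero the name is looked up as given, with no lowercasing or space removal.`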
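Review bot: The `if(tolower)` guard skips the whole of `emailstrclean()`, so callers passing 0 lose the space removal as well as the case folding. The comment above it still reads `/* clean it up (lowercase, space removal) */`, and the flag's name mentions only case. If only case folding is meant to be optional, the space removal should still run in both cases; if both are meant to be skipped, the comment should say so, e.g. `/* clean it up (lowercase, space removal) unless the caller wants the name verbatim */`. With 0 the name is used as given by whatever follows in get_cert_for, which lies outside the hunk.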