* Set default ssl configuration for Homebrew in MAC OSX to

     /usr/local/etc/openssl, under the advice of Sam Hathaway.

   * Add management certificate support for containers.

   * Fix crashing bugs introduced in version 2.19.9, which did not allow
     alpine to start with the -passfile and use a remote pinerc. Reported by
     Ulf-Dietrich Braumann.

   * fix a bug which was introduced in version 2.19.9, where Alpine would
     free a certificate associated to a key after encryption, and so this
     could not be used during decryption. We use X509_dup to copy the cert
     and so make the copy be freed, and not the original.

   * S/MIME: sign messages using intermediate certificates when needed and
     possible.

5 files changed, 45 insertions, 37 deletions

diff --git a/alpine/alpine.c b/alpine/alpine.c
index b34469e9..cb818498 100644
--- a/alpine/alpine.c
+++ b/alpine/alpine.c
@@ -192,7 +192,6 @@ main(int argc, char **argv)
     pith_opt_smime_get_passphrase  = smime_get_passphrase;
     pith_smime_import_certificate  = smime_import_certificate;
     pith_smime_enter_password	   = alpine_get_password;
-    pith_opt_get_data_prompt	   = alpine_get_data_prompt;
 #endif
 #ifdef	ENABLE_LDAP
     pith_opt_save_ldap_entry       = save_ldap_entry;
diff --git a/alpine/imap.c b/alpine/imap.c
index 04da3065..6db0a0bc 100644
--- a/alpine/imap.c
+++ b/alpine/imap.c
@@ -2375,12 +2375,12 @@ read_passfile(pinerc, l)
 #ifdef SMIME
     smime_init();
     if(ps_global->smime->pwdcert == NULL)
-       setup_pwdcert();
+       setup_pwdcert(&ps_global->smime->pwdcert);
     tmp2[0] = '\0';
     fgets(tmp2, sizeof(tmp2), fp);
     fclose(fp);
     if(strcmp(tmp2, "-----BEGIN PKCS7-----\n")){
-       if(encrypt_file(tmp, NULL, ps_global->smime->pwdcert))
+       if(encrypt_file((char *)tmp, NULL, (PERSONAL_CERT *)ps_global->smime->pwdcert))
 	  encrypted++;
     }
     else
@@ -2399,7 +2399,7 @@ read_passfile(pinerc, l)
      * unencrypted and rewritten again.
      */
     if(encrypted){
-	text = text2 = decrypt_file(tmp, &i, ps_global->smime->pwdcert);
+	text = text2 = decrypt_file((char *)tmp, &i, (PERSONAL_CERT *)ps_global->smime->pwdcert);
 	switch(i){
 	   case 1 : save_password = 1;
 		    break;
@@ -2631,7 +2631,7 @@ write_passfile(pinerc, l)
 
     fclose(fp);
 #ifdef SMIME
-    if(encrypt_file(tmp2, text, ps_global->smime->pwdcert) == 0){
+    if(encrypt_file((char *)tmp2, text, (PERSONAL_CERT *) ps_global->smime->pwdcert) == 0){
 	if((fp = our_fopen(tmp2, "wb")) != NULL){
 	   fputs(text, fp);
 	   fclose(fp);
diff --git a/alpine/mailcmd.c b/alpine/mailcmd.c
index d9a6f412..0ea1617c 100644
--- a/alpine/mailcmd.c
+++ b/alpine/mailcmd.c
@@ -4,8 +4,8 @@ static char rcsid[] = "$Id: mailcmd.c 1266 2009-07-14 18:39:12Z hubert@u.washing
 
 /*
  * ========================================================================
- * Copyright 2006-2009 University of Washington
  * Copyright 2013-2014 Eduardo Chappa
+ * Copyright 2006-2009 University of Washington
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -302,25 +302,14 @@ static ESCKEY_S flag_text_opt[] = {
     {-1, 0, NULL, NULL}
 };
 
-int alpine_get_data_prompt(char *prompt, char *value, size_t len)
-{
-  int rv, flags;
-  flags = OE_DISALLOW_HELP;
-  value[0] = '\0';
-  rv =  optionally_enter(value, -FOOTER_ROWS(ps_global), 0, len,
-                               prompt, NULL, NO_HELP, &flags);
-  return rv;
-}
-
 int 
 alpine_get_password(char *prompt, char *pass, size_t len)
 {
-  int rv, flags;
-  flags = OE_PASSWD | OE_DISALLOW_HELP;
+  int flags = OE_PASSWD | OE_DISALLOW_HELP;
   pass[0] = '\0';
-  rv =  optionally_enter(pass, -FOOTER_ROWS(ps_global), 0, len,
-                               prompt, NULL, NO_HELP, &flags);
-  return rv;
+  return optionally_enter(pass, 
+			-(ps_global->ttyo ? FOOTER_ROWS(ps_global) : 3),
+                         0, len, prompt, NULL, NO_HELP, &flags);
 }
 
 int smime_import_certificate(char *filename, char *full_filename, size_t len)
diff --git a/alpine/osdep/mswinver.c b/alpine/osdep/mswinver.c
index 8723ee1a..a733b180 100644
--- a/alpine/osdep/mswinver.c
+++ b/alpine/osdep/mswinver.c
@@ -34,7 +34,7 @@ mswin_majorver()
 int
 mswin_minorver()
 {
-    return(VER_MINOR 19);
+    return(VER_MINOR);
 }
 
 
diff --git a/alpine/smime.c b/alpine/smime.c
index b8fc9791..c2484108 100644
--- a/alpine/smime.c
+++ b/alpine/smime.c
@@ -35,6 +35,7 @@ static char rcsid[] = "$Id: smime.c 1074 2008-06-04 00:08:43Z hubert@u.washingto
 #include "../pith/conf.h"
 #include "../pith/list.h"
 #include "../pith/mailcmd.h"
+#include "../pith/tempfile.h"
 #include "radio.h"
 #include "keymenu.h"
 #include "mailview.h"
@@ -58,7 +59,7 @@ int      smime_helper_tool(struct pine *, int, CONF_S **, unsigned);
 int      smime_public_certs_tool(struct pine *, int, CONF_S **, unsigned);
 void 	 manage_certificates(struct pine *, WhichCerts);
 void     smime_manage_certs_init (struct pine *, CONF_S **, CONF_S **, WhichCerts, int);
-void	 display_certificate_information(struct pine *, X509 *, char *, WhichCerts);
+void	 display_certificate_information(struct pine *, X509 *, char *, WhichCerts, int num);
 int	 manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags);
 int	 manage_certificate_info_tool(int, MSGNO_S *, SCROLL_S *);
 
@@ -922,7 +923,7 @@ smime_config_init_display(struct pine *ps, CONF_S **ctmp, CONF_S **first_line)
     (*ctmp)->varmem         = 11;
 }
 
-void display_certificate_information(struct pine *ps, X509 *cert, char *email, WhichCerts ctype)
+void display_certificate_information(struct pine *ps, X509 *cert, char *email, WhichCerts ctype, int num)
 {
     STORE_S  *store;
     SCROLL_S  scrollargs;
@@ -954,27 +955,46 @@ void display_certificate_information(struct pine *ps, X509 *cert, char *email, W
 	   break;
 
 	case MC_TRUST:
-	   save_cert_for(email, cert, CACert);
+	   if(SMHOLDERTYPE(CACert) == Directory)
+	      save_cert_for(email, cert, CACert);
+	   else{ /* if(SMHOLDERTYPE(CACert) == Container) */
+	      char  path[MAXPATH];
+	      char  *upath = PATHCERTDIR(ctype);
+	      char *tempfile = tempfile_in_same_dir(path, "az", NULL);
+	      CertList *clist;
+
+	      if(IS_REMOTE(upath))
+		strncpy(path, temp_nam(NULL, "a6"), sizeof(path)-1);
+	      else
+		strncpy(path, upath, sizeof(path)-1);
+	      path[sizeof(path)-1] = '\0';
+
+	      add_to_end_of_certlist(&ps_global->smime->cacertlist, email, X509_dup(cert));
+	      for(clist=ps_global->smime->cacertlist; clist && clist->next; clist = clist->next);
+	      certlist_to_file(tempfile, clist);
+	      add_file_to_container(CACert, tempfile, email);
+	      unlink(tempfile);
+	   }
 	   renew_store();
 	   new_store = 1;
 	   break;
 
 	case MC_DELETE:
-	   if (get_cert_deleted(ctype, email) != 0)
+	   if (get_cert_deleted(ctype, num) != 0)
 	      q_status_message(SM_ORDER, 1, 3, _("Certificate already deleted"));
 	   else{
-	      mark_cert_deleted(ctype, email, 1);
+	      mark_cert_deleted(ctype, num, 1);
 	      q_status_message(SM_ORDER, 1, 3, _("Certificate marked deleted"));
 	   }
 	   break;
 
 	case MC_UNDELETE:
-	   if (get_cert_deleted(ctype, email) != 0)
-	      q_status_message(SM_ORDER, 1, 3, _("Certificate not marked deleted"));
-	   else{
-	      mark_cert_deleted(ctype, email, 0);
-	      q_status_message(SM_ORDER, 1, 3, _("Certificate will not be deleted"));
+	   if (get_cert_deleted(ctype, num) != 0){
+	      mark_cert_deleted(ctype, num, 0);
+	      q_status_message(SM_ORDER, 1, 3, _("Certificate marked UNdeleted"));
 	   }
+	   else
+	      q_status_message(SM_ORDER, 1, 3, _("Certificate not marked deleted"));
 	   break;
 
 	default: break;
@@ -1107,7 +1127,7 @@ manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags)
 	      rv = 0;
 	   }
 	   else{
-	      display_certificate_information(ps, cert, (*cl)->value+3, ctype);
+	      display_certificate_information(ps, cert, (*cl)->value+3, ctype, (*cl)->varmem);
 	      rv = 10 + (*cl)->varmem;
 	   }
 	   break;
@@ -1118,7 +1138,7 @@ manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags)
 	   else{
 	      (*cl)->d.s.deleted = 1;
 	      rv = 10 + (*cl)->varmem;		/* forces redraw */
-	      mark_cert_deleted(ctype, (*cl)->value+3, 1);
+	      mark_cert_deleted(ctype, (*cl)->varmem, 1);
 	      q_status_message(SM_ORDER, 1, 3, _("Certificate marked deleted"));
 	   }
 	   break;
@@ -1128,9 +1148,9 @@ manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags)
 	      q_status_message(SM_ORDER, 1, 3, _("Certificate not marked deleted"));
 	   else{
 	      (*cl)->d.s.deleted = 0;
-	      mark_cert_deleted(ctype, (*cl)->value+3, 0);
+	      mark_cert_deleted(ctype, (*cl)->varmem, 0);
 	      rv = 10 + (*cl)->varmem;		/* forces redraw */
-	      q_status_message(SM_ORDER, 1, 3, _("Certificate will not be deleted"));
+	      q_status_message(SM_ORDER, 1, 3, _("Certificate marked UNdeleted"));
 	   }
 	   break;
 
@@ -1228,7 +1248,7 @@ void smime_manage_certs_init(struct pine *ps, CONF_S **ctmp, CONF_S **first_line
 
 	    new_confline(ctmp);
 	    (*ctmp)->d.s.ctype  = ctype;
-	    (*ctmp)->d.s.deleted = get_cert_deleted(ctype, cl->name);
+	    (*ctmp)->d.s.deleted = get_cert_deleted(ctype, i);
 	    (*ctmp)->tool       = manage_certs_tool;
 	    (*ctmp)->keymenu    = &config_smime_manage_certs_work_keymenu;
 	    (*ctmp)->varmem     = i++;