* Create help for explaining how encrypted password file support

     works.

   * When a message is sent encrypted, add the sender certificate so that
     the sender can decrypt it too.

   * When a message is signed and encrypted, first sign it and then encrypt
     it. This changes the usual order of encrypting and then signing, and it has
     the shortcoming of making bigger messages. However, this is the way that
     most clients work with S/MIME, and so for compatibility with other programs,
     we will send signed, then encrypted, instead of encrypted, then signed.
     Hmm... should we sign the encrypted part?

   * Avoid the first RSET smtp command, as this causes delays in some evily
     managed servers.

1 files changed, 4 insertions, 4 deletions

diff --git a/pith/send.c b/pith/send.c
index bd99d49a..4620d1aa 100644
--- a/pith/send.c
+++ b/pith/send.c
@@ -1768,12 +1768,12 @@ call_mailer(METAENV *header, struct mail_bodystruct *body, char **alt_smtp_serve
     
     	result = 1;
     
-    	if(ps_global->smime->do_encrypt)
-    	  result = encrypt_outgoing_message(header, &body);
+    	if(ps_global->smime->do_sign)
+	  result = sign_outgoing_message(header, &body, 0);
 	
 	/* need to free new body from encrypt if sign fails? */
-	if(result && ps_global->smime->do_sign)
-	  result = sign_outgoing_message(header, &body, ps_global->smime->do_encrypt);
+	if(result && ps_global->smime->do_encrypt)
+    	  result = encrypt_outgoing_message(header, &body);
 	
 	lmc.so = so;