* SMIME: Crash if public certificates are located in an inaccessible

     remote server and the private key is not available.

   * SMIME: Management of several alternate name (SAN) certificates is
     improved. When importing a SAN certificate, also import a certificate
     for the filename, besides for the e-mail addresses in the
     certificate.

   * When saving an attachment, the "^T" command leads to a screen where the
     "A" command can be used to add a file. A directory can be added by
     pressing "^X" after the "A" command. Added after a suggestion by
     Stefan Goessling.

3 files changed, 39 insertions, 14 deletions

diff --git a/pith/pine.hlp b/pith/pine.hlp
index cac10d74..6fdbd01f 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
 reasonable place to be called from.
 Dummy change to get revision in pine.hlp
 ============= h_revision =================
-Alpine Commit 102 2015-09-09 19:01:06
+Alpine Commit 103 2015-09-18 22:15:37
 ============= h_news =================
 <HTML>
 <HEAD>
@@ -204,6 +204,17 @@ Additions include:
        certificate management screen for certificate authorities. 
        Suggested by Matthias Rieber.
 
+  <LI> SMIME: Management of several alternate name (SAN) certificates is 
+       improved. When importing a SAN certificate, also import a certificate
+       for the filename, besides for the e-mail addresses in the
+       certificate. Suggested by Matthias Rieber.
+
+  <LI> SMIME: add full year when displaying information about a certificate
+       in the certificate management screen. Suggested by Matthias Rieber.
+
+  <LI> SMIME: sort certificates by some type of alphabetical order in the
+       displayed name.
+
   <LI> HTML: Add support for decoding entities in hexadecimal notation.
        Suggested by Tulip&aacute;nt Gergely.
 
@@ -260,11 +271,10 @@ Additions include:
   <LI> Reimplementation of the code that allows the .pinerc file to be a
        symbolic link by Kyle George from tcpsoft.com to use realpath.
 
-  <LI> SMIME: add full year when displaying information about a certificate
-       in the certificate management screen. Suggested by Matthias Rieber.
-
-  <LI> SMIME: sort certificates by some type of alphabetical order in the
-       displayed name.
+  <LI> When saving an attachment, the "^T" command leads to a screen where the
+       "A" command can be used to add a file. A directory can be added by
+       pressing "^X" after the "A" command. Added after a suggestion by
+       Stefan Goessling.
 </UL>
 
  
@@ -290,6 +300,9 @@ Bugs that have been addressed include:
   <LI> SMIME: certificates included in messages were not being transferred
        to a remote container.
 
+  <LI> SMIME: Crash if public certificates are located in an inaccessible
+       remote server and the private key is not available.
+
   <LI> Pico: Searching for a string that is too long causes Pico to crash
        in the next search.
 
diff --git a/pith/smime.c b/pith/smime.c
index c8c350be..01e0df09 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -211,10 +211,12 @@ setup_pwdcert(void **pwdcert)
   EVP_PKEY *pkey = NULL;
   X509 *pcert = NULL;
   PERSONAL_CERT *pc, *pc2 = NULL;
+  static int was_here = 0;
 
-  if(pwdcert == NULL)
+  if(pwdcert == NULL || was_here == 1)
     return;
 
+  was_here++;
   if(ps_global->pwdcertdir){
      if(our_stat(ps_global->pwdcertdir, &sbuf) == 0
 	&& ((sbuf.st_mode & S_IFMT) == S_IFDIR)){
@@ -232,11 +234,15 @@ setup_pwdcert(void **pwdcert)
 	  setup_dir++;
   }
 
-  if(setup_dir == 0)
+  if(setup_dir == 0){
+    was_here = 0;
     return;
+  }
 
-  if(load_key_and_cert(pathdir, pathdir, &keyfile, &certfile, &pkey, &pcert) < 0)
+  if(load_key_and_cert(pathdir, pathdir, &keyfile, &certfile, &pkey, &pcert) < 0){
+    was_here = 0;
     return;
+  }
 
   if(certfile && keyfile){
      pc = (PERSONAL_CERT *) fs_get(sizeof(PERSONAL_CERT));
@@ -246,14 +252,17 @@ setup_pwdcert(void **pwdcert)
      pc->cert = pcert;
      *pwdcert = (void *) pc;
      fs_give((void **)&certfile);
+     was_here = 0;
      return;
   }
 
   /* if the user gave a pwdcertdir and there is nothing there, do not
    * continue. Let the user initialize on their own this directory.
    */
-  if(ps_global->pwdcertdir != NULL)
+  if(ps_global->pwdcertdir != NULL){
+     was_here = 0;
      return;
+  }
 
   /* look to see if there are any certificates lying around, first
    * we try to load ps_global->smime to see if that has information
@@ -363,6 +372,7 @@ setup_pwdcert(void **pwdcert)
 
       if(setup_dir){
 	*pwdcert = (void *) pc2;
+	was_here = 0;
 	return;
       }
       else if(pc2 != NULL)
@@ -415,6 +425,7 @@ setup_pwdcert(void **pwdcert)
      pc->cert = pcert;
      *pwdcert = (void *) pc;
      fs_give((void **)&certfile);
+     was_here = 0;
      return;
   }
 
@@ -422,7 +433,7 @@ setup_pwdcert(void **pwdcert)
   q_status_message(SM_ORDER, 2, 2,
 	_("No key/certificate pair found for password file encryption support"));
 */
-
+  was_here = 0;
   if(we_inited)
     smime_deinit();
 }
@@ -685,8 +696,9 @@ import_certificate(WhichCerts ctype)
 	       }
 	       fs_give((void **)email);
 	    }
-	    else
-	      save_cert_for(filename, cert, Public);
+	    if(strcmp(filename + strlen(filename) - 4, ".crt") == 0)
+	       filename[strlen(filename) - 4] = '\0';
+	    save_cert_for(filename, cert, Public);
 	  }
 	  else  /* if(SMHOLDERTYPE(ctype) == Container){ */
 	     add_file_to_container(ctype, full_filename, NULL);
diff --git a/pith/smkeys.c b/pith/smkeys.c
index c6feb567..17357378 100644
--- a/pith/smkeys.c
+++ b/pith/smkeys.c
@@ -255,7 +255,7 @@ smime_get_cn(X509_NAME *subject)
 {
    char buf[256];
    X509_NAME_ENTRY *e;
-   e = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-2);
+   e = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1);
    if(e)
       X509_NAME_get_text_by_OBJ(subject, e->object, buf, sizeof(buf));
    return cpystr(buf);