summaryrefslogtreecommitdiff
path: root/alpine/smime.c
AgeCommit message (Collapse)Author
2021-04-10 * New alpha version 2.24.1Eduardo Chappa
2021-04-08 * Clear out some warnings given by gcc 10.Eduardo Chappa
2021-04-06 * Always follow ‘suppress-asterisks-in-password-prompt’ setting in theEduardo Chappa
various password prompts. Submitted by Étienne Deparis.
2020-01-19 * Initial release of Alpine version 2.22.Eduardo Chappa
2019-06-22 * New version 2.21.99999 (06/22/2019)Eduardo Chappa
2018-12-06 * Fix a crash in the S/MIME configuration screen when a user turned off ↵Eduardo Chappa
S/MIME, and then reenabled it. This crash was due to a double free of memory. To avoid this in the future, we created a function free_x509_store(), which whenever called, will only free memory once. A similar crash would occur when one attempted to enter the S/MIME configuration screen if S/MIME was turned off. In this case, Alpine would try to dereference a null pointer.
2018-05-21 * Nothing to see here, this is just reformatting of the code toEduardo Chappa
make it easier to find functions when I need to do so.
2018-05-02 * Changes to make Valgrind happy. Work in progress.Eduardo Chappa
2018-02-26 * New version 2.21.999Eduardo Chappa
* rewrite of some code in pith/ical.c to make sure function prototypes are correct. * Add a separator line to the calendar entry in case, the calendar is sent as the main body of the message.
2017-12-10Initial commit for branch icalEduardo Chappa
2017-11-22 * Add "remove password" command to the management screen for theEduardo Chappa
password file encryption key. This allows users to use their password file without entering a master password.
2017-05-04 * Creating key for password file could not be cancelled.Eduardo Chappa
2017-03-17 * New version 2.21Eduardo Chappa
2016-10-08 * Some code clean up before releasing the next alpha version.Eduardo Chappa
2016-10-05 * When Alpine is compiled with password file and SMIME supportEduardo Chappa
the password file is encrypted using a private key/public certificate pair. If one such pair cannot be found, one will be created.
2016-09-03 * Alpine does not build with openssl 1.1.0, so this update fixes that.Eduardo Chappa
Users have the option to build with older versions of OpenSSL or with version 1.1.0. The current code is transitional and it is intended that we will move Alpine to build exclusively with version 1.1.0 or above in the future. This update also recognizes if we are using LibreSSL. It was tested with version 2.4.2.
2016-02-28 * Changes to make Alpine build when PASSFILE is not specified andEduardo Chappa
adding memory freeing calls when necessary.
2016-02-28 * Add the ability to change the private key and certificates usedEduardo Chappa
to encrypt a password file in the SMIME setup configuration screen.
2016-02-02 * New version 2.20.11Eduardo Chappa
* Update of copyright notice * Update to release notes to indicate support of RFC 2971.
2015-12-14 * S/MIME: When reading a local certificate, Alpine converts the name ofEduardo Chappa
the certificate to lowercase, which may make Alpine not be able to read such certificate. Reported by Dennis Davis.
2015-09-18 * SMIME: Crash if public certificates are located in an inaccessibleEduardo Chappa
remote server and the private key is not available. * SMIME: Management of several alternate name (SAN) certificates is improved. When importing a SAN certificate, also import a certificate for the filename, besides for the e-mail addresses in the certificate. * When saving an attachment, the "^T" command leads to a screen where the "A" command can be used to add a file. A directory can be added by pressing "^X" after the "A" command. Added after a suggestion by Stefan Goessling.
2015-09-09 * SMIME: Offer the common name of the person, instead of the name ofEduardo Chappa
file containing the certificate, as the name to be displayed in the certificate management screen for certificate authorities. Suggested by Matthias Rieber.
2015-09-08 * SMIME: add full year when displaying information about a certificateEduardo Chappa
in the certificate management screen. Suggested by Matthias Rieber. * SMIME: sort certificates by some type of alphabetical order in the displayed name.
2015-09-06Revert "Revert " * S/MIME: information on certificates is now available ↵Eduardo Chappa
for certificates"" This reverts commit 1fb52f967889d83c23fdd8f3054f5776351ebe85.
2015-09-06Revert " * S/MIME: information on certificates is now available for ↵Eduardo Chappa
certificates" This reverts commit bf714e42e10de6ff6bce677551c791397048caa5.
2015-09-06 * S/MIME: information on certificates is now available for certificatesEduardo Chappa
in containers.
2015-08-04 * Fix a bug in the S/MIME certificate management screen whereEduardo Chappa
not all the information on a certificate might be printed on the screen. The bug was introduced when warnings from clang were cleared.
2015-07-26 * Fix compilation error in arg.c when pwdcertdir was being freed, evenEduardo Chappa
though a password file might have not been defined. * Work on reducing the number of warnings in OSX.
2015-03-25 * new version 2.20.4Eduardo Chappa
* If the charset of a message can not be determined, use the value set in the "Unknown Character Set" option. * Resizing setup screen will redraw screen. * Unix Alpine only. Experimental: If Alpine/Pico finds a UCS4 code in the width ambiguous zone, it will use other means to determine the width, such as call wcwidth.
2015-03-15 * new version 2.20.3Eduardo Chappa
* SMIME: If a message contains a RFC822 atachment that is signed/decrypted add the ability to view its SMIME information. * SMIME: The ^E command that gives information on the certificate is only available for messages that have a signed or encrypted part. * Fix vulnerability in regex library. This only affects those who use this library, such as the windows version of Alpine. See http://www.kb.cert.org/vuls/id/695940. * HTML: Add support for decoding entities in hexadecimal notation. Suggested by Tulipánt Gergely. * Pico: Add the ability to search for strings in the beginning or end of a line. In the search menu, pressing Ctrl-^ toggles the prompt to search for a string at the beginning of a line. Another press of Ctrl-^ toggles the prompt to search for a string at the end of a line, and pressing Ctrl-^ one more time searches for the string anywhere in the text.
2015-01-07 * new version 2.19.9999Eduardo Chappa
* crash on importing certificates that do not have an email address associated to them, such as those of a Certificate Authority. * Disable saving new passwords to the password file. Implemented by Louis Raphael from dpslabs.com. * Panda IMAP does not decode correctly Korean text encoded in UTF-8. Reported by Chulho Yang.
2014-12-07 * new version 2.19.9993Eduardo Chappa
* Aggregate operations allows bouncing a list of messages using a role. Suggested by Ulf-Dietrich Braumann. * Compilation error of module pith/reply.c if SMIME is not defined (as in Windows Alpine). There was a misplaced parenthesis. * Update to S/MIME to explain how to use a PKCS12 certificate in Alpine. * Fix error in compare_certs function, that would modify the name of the certificates after sorting them, and return when no certificates are given. * When replying to several messages, subject will be decoded first, and then stripped from re/fwd before they are compared to determine the subject of the replied message. * Add $(LIBINTL) to the flags to link rpdump, rpload, alpined and alpineldap because MAC OSX 10.8 x86_64 needs it. * When the download of an attachment is interrumpted, Alpine stills caches what was downloaded, making the download incomplete for subsequent calls of Alpine attempting to open the attachment. In the future, Alpine will not cache any downloaded part of the attachment when it is interrupted.
2014-06-20 * new version 2.19.9992Eduardo Chappa
* Alpine would not parse options from the command line, such as -patterns-filters2, correctly. * Add /usr/local/include as a path to find include and libs files for openssl in FreeBSD. * Management certificate screen now prints, in addition to the e-mail address of the owner of the certificates, the dates of validity and the MD5 hash of such certificates. * crash when processing message/rfc822 attachments that are encoded in base64. * Openssl: if /usr/local/ssl exists, assume that this is the intended place where ssl libraries, include files and certificates are located. Typically, distributions do not use this directory, so its existence indicates that Openssl has been specially installed there, so it is probably a preferred place to get the system Openssl files. * Postponed messages whose content-type is text/html, text/enriched and text/richtext are sent with that content-type, even though, after resuming composition, Alpine had changed its type to text/plain. * HTML: <BR>, <BR />, and <BR/&> are considered the same inline tag; the same is valid for the <HR> tag.
2014-05-31 * new version 2.19.9991Eduardo Chappa
* S/MIME Alpine would compute incorrectly the signature of a message that contains 8bit if the option "Enable 8bit ESMTP Negotiation" is enabled, the message contains 8bit characters and the smtp server supports 8bit sending. * Crash while redrawing S/MIME configuration screen when importing a certificate * When forwarding a message before opening it, the message might not be found. The problem is in the forward_body function, where the section of the body is not correctly set in all instances. * When forwarding a signed message Alpine might forward the message as a multipart message, instead of just selecting the body of the message. Change to forward the signed part only. This aligns Alpine with what it does when it replies to a similar message.
2014-05-17 * New version 2.19.999Eduardo Chappa
* Introduce the option "Validate Using Certificate Store Only", and make it the default. This will make Alpine check for the validity of signatures in certificates that a user has installed in their system, and not in the certificates that come with the message. A user can override this, although is not recommended, by disabling this feature. * When viewing a signed message, the ^E command would present an empty screen or Alpine would crash because when Alpine would get the PKCS7 body of the message from body->sparep, it would not decode it properly due to the new way in which the sparep pointer is encoded that was introduced in version 2.19.991. * When a signed message is forwarded, the message might not be filtered correctly, and mime information might make it into the body of the forwarded message. In order to produce this, the message must be forwarded from the index screen and not be opened. The reason why this makes a difference is because opening a signed message changes its body structure. The reason why a person could forward a message before reading it is because the person could already be aware of the content of the message (e.g. the message is in the sent-mail folder). * When a message fails to validate and the body is saved from the server for validation, be careful in the way that body part pointers are set, in order to do this we split the mail_body function into two parts, one that gets the body, the other that gets the section of the body. The new function that gets the section of the body (mail_body_section), is used to assign pointers of the reconstructed new body. * When a container has not been defined, transferring messages to a container will succeed, and the name of the container will be written on screen. * When Alpine is receiving the envelopes from an imap server, it attempts to generate the index line immediately; while doing so it might need to compute a score, and for this, it might need to go back and do some operation in the same imap server. In this case, Alpine will crash with a "lock when already locked" message. In order to avoid this crash, a new check in match_pattern was added to Alpine to avoid the second trip to a server that is busy sending us envelopes. Reported by Peter Koellner. * Update copyright notice in mswin.rc and pmapi.rc, as well as first time user notice and special request notice. * Alpine cannot handle correctly some characters in the Windows-1256 character set, which might lead to a crash or a corruption in the screen. Work was done to contain the bug. A more complete fix will be done in a future release. Reported by Professor Robert Funnell. * Decode the name of attachment names, so they can be written as part of the description of the part. * When transferring certificates to a local container, create container with default names PublicContainer, PrivateContainer and CAContainer, as appropriate for these files, unless the user has provided some other names.
2014-04-25 * When downloading a signed message, and processing it, we useEduardo Chappa
body->nested.part instead of b->nested.part in the do_detached_signature_verify function, and save its body and mime headers in create_local_cache. Now all signed messages should verify correctly. * Protect against potential crash bug in write_passfile function by checking if text != NULL. text can only be null if there are no passwords to save. We assume we could get write_passfile called with null arguments, so this is just to protect that. * Add handling of corner cases to several functions by initializing some variables. Reported and patched by James Jerkins. * When selecting the certificate/key pair to encrypt/decrypt the password file choose it in this order: - if -pwdcertdir is given look for certificates there, if nothing there, we bail out; - otherwise we look in the default directory, if anything there and it matches to be a key/cert pair, we use it; - otherwise we check if smime_init() has been called. If not we call it; - we check if a key/cert pair has been found with smime initialized, if so, use it and copy it to the default directory; - if not, check if there is anything in the default smime directories (.alpine-smime/private and .alpine-smime/public), and in this case copy it to the default. - otherwise we bail. We will eventually create a certificate/key pair for the user; - finally, if we called smime_init(), we call smime_deinit(). Throughout this process, if smime_init() was not called before we tried to get the cert/key pair we exit this process without ps_global->smime->inited set, so that other process that need to call smime_init() get the right structure initialized. This is done because we might pick a cert/key pair to decrypt the password file.
2014-04-18 * Set default ssl configuration for Homebrew in MAC OSX toEduardo Chappa
/usr/local/etc/openssl, under the advice of Sam Hathaway. * Add management certificate support for containers. * Fix crashing bugs introduced in version 2.19.9, which did not allow alpine to start with the -passfile and use a remote pinerc. Reported by Ulf-Dietrich Braumann. * fix a bug which was introduced in version 2.19.9, where Alpine would free a certificate associated to a key after encryption, and so this could not be used during decryption. We use X509_dup to copy the cert and so make the copy be freed, and not the original. * S/MIME: sign messages using intermediate certificates when needed and possible.
2014-04-08 * Fixes bug in 2.19.8 that would make Alpine fail to build in Windows.Eduardo Chappa
* S/MIME configuration screen would deinitialize smime, not allowing it to send encrypted or signed messages. * Add documentation for /loser option in definition of external servers. * crashing bug in certificate management screen due to a BIO_free() call of memory that had not been allocated. * When the password file is decrypted, smime is inited. If smime is inited before the .pinerc is read, some values might not be correctly set. * When a password file exists, and S/MIME is enabled, encrypt it by either using an existing key/certificate pair. The key is saved separately in ~/.alpine-smime/.pwd, or in the directory specified by the -pwdcertdir command line option.
2014-03-09 * Forwarding messages with attachments of content-type multipart,Eduardo Chappa
failed when attempting to sign it, with and "Error writing pipe" error. * Using a .pinerc file outside the home directory made Alpine not find the .alpine-smime directory with certificates. * Configuration screen for S/MIME adds ability to manage certificates. (currently available to users who manage certificates in directories, not in containers, which will be available in the next alpha release.)
2013-10-06 * new version 2.11.8Eduardo Chappa
* Fix in configure script for recognition of SSL files in Ubuntu 12.04 * Alpine does not attempt to automatically reopen a collection that was not opened due to cancellation by the user. Instead, the user must try to open it explicitly. * few improvements on new /tls1, /tls1_1, etc. options.
2013-02-03Initial Alpine VersionEduardo Chappa