summaryrefslogtreecommitdiff
path: root/pith/smime.c
AgeCommit message (Collapse)Author
2019-06-22 * New version 2.21.99999 (06/22/2019)Eduardo Chappa
2019-05-23 * When Alpine is set to validate a message using the user's store, andEduardo Chappa
user agrees to save a certificate of another user, use the saved certificate immediately to verify the smime message. Reported by Stefan Mueller.
2019-04-28 * Compilation failure in Solaris when ldap is enabled. Reported byEduardo Chappa
"mechanic" in comp.mail.pine. * Configure script modifications to set the ldap-dir value correctly. * Fix some typos in documentation.
2018-12-06 * Fix a crash in the S/MIME configuration screen when a user turned off ↵Eduardo Chappa
S/MIME, and then reenabled it. This crash was due to a double free of memory. To avoid this in the future, we created a function free_x509_store(), which whenever called, will only free memory once. A similar crash would occur when one attempted to enter the S/MIME configuration screen if S/MIME was turned off. In this case, Alpine would try to dereference a null pointer.
2018-08-15 * S/MIME: Some clients do not transform messages to canonical form whenEduardo Chappa
signing first and encrypting second, which makes Alpine fail to parse the signed data after encryption. Reported by Holger Trapp.
2018-08-12 * Several changes to the compilation of Alpine in Windows to useEduardo Chappa
LibreSSL in connecting to external servers. This complements the changes to support S/MIME. In particular, we add support for validation of certificates by using C:\\libressl\ssl\certs as the place to save CA certificates. In order to help users, some certificates are distributed. TODO: Kerberos port, w2k.
2018-05-22 * error by 1 introduced in function that decrypts files, makes Alpine notEduardo Chappa
decrypt the password file correctly. Reported by Kyle George.
2018-05-21 * Nothing to see here, this is just reformatting of the code toEduardo Chappa
make it easier to find functions when I need to do so.
2018-05-20 * Move freeing for some SSL memory until after all connections areEduardo Chappa
closed. * A message could fail to verify its signature even if the certificate was saved when the message was open. Based on a report by David Woodhouse to the RedHat bugzilla system.
2018-05-18 * Release memory of a conversion table to UTF-8, if this was created byEduardo Chappa
us. * Some distributions of OpenSSL do not define ERR_free_strings and EVP_cleanup, so we only execute them when defined. Reported by Erich Eckner.
2018-05-02 * Changes to make Valgrind happy. Work in progress.Eduardo Chappa
2018-04-21 * If verification of a signed message fails due to an error in verifyingEduardo Chappa
a certificate (as opposed to the message is corrupt) retry at most two more times to get the data out using the PKCS7_verify function, and let the user know about the error.
2018-04-21 * The list of public certificates is freed before it is reused whenEduardo Chappa
a signature fails to verify. This causes Alpine to crash. Patch submitted by Linus Torvalds.
2018-02-26 * New version 2.21.999Eduardo Chappa
* rewrite of some code in pith/ical.c to make sure function prototypes are correct. * Add a separator line to the calendar entry in case, the calendar is sent as the main body of the message.
2017-12-10Initial commit for branch icalEduardo Chappa
2017-12-01 * PC-Alpine builds with LibreSSL and supports S/MIME.Eduardo Chappa
2017-09-29 * Initialize unitilized variable in pith/smime.c and delete .pdb andEduardo Chappa
.ilk files in a PC-Alpine "build clean" command.
2017-07-14 * Fix crash when a CA certificate failed to load, by protecting some callsEduardo Chappa
when s_cert_store is NULL, and also only freeing s_cert_store when all certificates in the .alpine-smime/ca directory fail to load.
2017-03-17 * New version 2.21Eduardo Chappa
2016-11-21 * SMIME: Change the default signature digest from sha1 to sha-256,Eduardo Chappa
since clients such as Thunderbird do not validate signatures that use sha1 digest.
2016-10-08 * Some code clean up before releasing the next alpha version.Eduardo Chappa
2016-10-05 * Add return codes to setup_pwdcert function, so that caller can knowEduardo Chappa
what happened and decide accordingly. Fixes the fact that Alpine will fail to create self signed certificate, when the .pwd directory does not exist.
2016-10-05 * When Alpine is compiled with password file and SMIME supportEduardo Chappa
the password file is encrypted using a private key/public certificate pair. If one such pair cannot be found, one will be created.
2016-09-28 * S/MIME: If the option "Remember S/MIME Passphrase" is disabled, thenEduardo Chappa
entering a password to read an encrypted message will make Alpine forget the key and not ask the password to unlock it again in case it is necessary to unlock it again. Reported by Ulf-Dietrich Braumann.
2016-09-03 * Alpine does not build with openssl 1.1.0, so this update fixes that.Eduardo Chappa
Users have the option to build with older versions of OpenSSL or with version 1.1.0. The current code is transitional and it is intended that we will move Alpine to build exclusively with version 1.1.0 or above in the future. This update also recognizes if we are using LibreSSL. It was tested with version 2.4.2.
2016-02-28 * Changes to make Alpine build when PASSFILE is not specified andEduardo Chappa
adding memory freeing calls when necessary.
2016-02-28 * Adjust the "import certificate" prompt to make it clear that theEduardo Chappa
user is sometimes asked to import a certificate and sometimes a key. * Fix a case of memory freed twice introduced in commit 4bf825141c...
2016-02-28 * Protection against deleting new key and certificate when replacing keyEduardo Chappa
that encrypts password file in case that the new key/certificate pairs have the same name as the old key/certificate.
2016-02-28 * Add the ability to change the private key and certificates usedEduardo Chappa
to encrypt a password file in the SMIME setup configuration screen.
2016-02-17 * Bug (introduced in version 2.20.9): Saving a password in the passwordEduardo Chappa
file, writes a non-secure encrypted password file until Alpine is restarted again.
2016-02-02 * New version 2.20.11Eduardo Chappa
* Update of copyright notice * Update to release notes to indicate support of RFC 2971.
2015-12-14 * S/MIME: When reading a local certificate, Alpine converts the name ofEduardo Chappa
the certificate to lowercase, which may make Alpine not be able to read such certificate. Reported by Dennis Davis.
2015-12-05 * Alpine will ask users if they wish to save S/MIME certificates includedEduardo Chappa
in signatures, when the option "Validate Using Certificate Store Only" is enabled. If the user does not wish to save it, validation will fail.
2015-09-18 * SMIME: Crash if public certificates are located in an inaccessibleEduardo Chappa
remote server and the private key is not available. * SMIME: Management of several alternate name (SAN) certificates is improved. When importing a SAN certificate, also import a certificate for the filename, besides for the e-mail addresses in the certificate. * When saving an attachment, the "^T" command leads to a screen where the "A" command can be used to add a file. A directory can be added by pressing "^X" after the "A" command. Added after a suggestion by Stefan Goessling.
2015-09-09 * SMIME: Offer the common name of the person, instead of the name ofEduardo Chappa
file containing the certificate, as the name to be displayed in the certificate management screen for certificate authorities. Suggested by Matthias Rieber.
2015-09-06 * S/MIME: Even though Alpine gave a message that certificates wereEduardo Chappa
being transferred, a local copy was not being retained, and therefore no copy was being transferred to the remote server.
2015-09-06 * S/MIME: transferring certificates failed to remove temporary files.Eduardo Chappa
2015-09-05 * S/MIME: fix a bug that did not allow users to transfer certificates toEduardo Chappa
remote containers. Reported by Matthias Rieber.
2015-08-10 * add non-breaking space (UCS \240) to list of spaces in functionEduardo Chappa
lisblank. * Clean up some code in pith/smime.c.
2015-08-07 * LibreSSL 2.2.2 does not have RAND_egd, so we eliminate that call (we wereEduardo Chappa
not using it anyway.)
2015-07-26 * several changes to reduce warnings, including adding sys/ioctl.hEduardo Chappa
in system.h.
2015-04-03 * new version 2.20.6Eduardo Chappa
* SMIME: Cancelling entering password to unlock key will not reprompt. * Creating repo at repo.or.cz
2015-03-31 * new version 2.20.5Eduardo Chappa
* SMIME: Crash when a certificate has an invalid date of validity. Also Alpine will use the function ASN1_TIME_print to determine the date of validity. Reported by Ben Stienstra. * SMIME: Crash when atempting to unlock the password file and an incorrect password is entered. * Alpine version 2.20.4 would not build in Windows, due to a missing #ifdef SMIME directive in file alpine/mailpart.c. Reported by Ulf-Dietrich Braunmann. * Pico: Code reorganization in the search command to make it easier to add subcommands of the search command. * Pico: Search command can do a case sensitive match. Use the Ctrl-^ subcommand of the search command to bring this choice into view. * For a multipart/alternative message, the Take Address command will work on the part that is being read.
2015-03-15 * new version 2.20.3Eduardo Chappa
* SMIME: If a message contains a RFC822 atachment that is signed/decrypted add the ability to view its SMIME information. * SMIME: The ^E command that gives information on the certificate is only available for messages that have a signed or encrypted part. * Fix vulnerability in regex library. This only affects those who use this library, such as the windows version of Alpine. See http://www.kb.cert.org/vuls/id/695940. * HTML: Add support for decoding entities in hexadecimal notation. Suggested by Tulipánt Gergely. * Pico: Add the ability to search for strings in the beginning or end of a line. In the search menu, pressing Ctrl-^ toggles the prompt to search for a string at the beginning of a line. Another press of Ctrl-^ toggles the prompt to search for a string at the end of a line, and pressing Ctrl-^ one more time searches for the string anywhere in the text.
2015-02-28 * new version 2.20.2Eduardo Chappa
* Further enhancement to the configure script in finding the location of the SSL include and library files, when they are installed in th e default location by openssl. * When Alpine sends an attachment, it will set the boundary attribute in lower case, as some SMTP servers, such as those of libero.it reject messages if the boundary attribute is in uppercase. * Alpine fails to remove temporary files used during a display or sending filter. Fix contributed by Phil Brooke. * SMIME: Crash when checking the signature of a message that contains a RFC822 attached message. Reported by Holger Trapp and Bjorn Krellner.
2015-01-07 * new version 2.19.9999Eduardo Chappa
* crash on importing certificates that do not have an email address associated to them, such as those of a Certificate Authority. * Disable saving new passwords to the password file. Implemented by Louis Raphael from dpslabs.com. * Panda IMAP does not decode correctly Korean text encoded in UTF-8. Reported by Chulho Yang.
2014-12-07 * new version 2.19.9993Eduardo Chappa
* Aggregate operations allows bouncing a list of messages using a role. Suggested by Ulf-Dietrich Braumann. * Compilation error of module pith/reply.c if SMIME is not defined (as in Windows Alpine). There was a misplaced parenthesis. * Update to S/MIME to explain how to use a PKCS12 certificate in Alpine. * Fix error in compare_certs function, that would modify the name of the certificates after sorting them, and return when no certificates are given. * When replying to several messages, subject will be decoded first, and then stripped from re/fwd before they are compared to determine the subject of the replied message. * Add $(LIBINTL) to the flags to link rpdump, rpload, alpined and alpineldap because MAC OSX 10.8 x86_64 needs it. * When the download of an attachment is interrumpted, Alpine stills caches what was downloaded, making the download incomplete for subsequent calls of Alpine attempting to open the attachment. In the future, Alpine will not cache any downloaded part of the attachment when it is interrupted.
2014-06-20 * new version 2.19.9992Eduardo Chappa
* Alpine would not parse options from the command line, such as -patterns-filters2, correctly. * Add /usr/local/include as a path to find include and libs files for openssl in FreeBSD. * Management certificate screen now prints, in addition to the e-mail address of the owner of the certificates, the dates of validity and the MD5 hash of such certificates. * crash when processing message/rfc822 attachments that are encoded in base64. * Openssl: if /usr/local/ssl exists, assume that this is the intended place where ssl libraries, include files and certificates are located. Typically, distributions do not use this directory, so its existence indicates that Openssl has been specially installed there, so it is probably a preferred place to get the system Openssl files. * Postponed messages whose content-type is text/html, text/enriched and text/richtext are sent with that content-type, even though, after resuming composition, Alpine had changed its type to text/plain. * HTML: <BR>, <BR />, and <BR/&> are considered the same inline tag; the same is valid for the <HR> tag.
2014-05-31 * new version 2.19.9991Eduardo Chappa
* S/MIME Alpine would compute incorrectly the signature of a message that contains 8bit if the option "Enable 8bit ESMTP Negotiation" is enabled, the message contains 8bit characters and the smtp server supports 8bit sending. * Crash while redrawing S/MIME configuration screen when importing a certificate * When forwarding a message before opening it, the message might not be found. The problem is in the forward_body function, where the section of the body is not correctly set in all instances. * When forwarding a signed message Alpine might forward the message as a multipart message, instead of just selecting the body of the message. Change to forward the signed part only. This aligns Alpine with what it does when it replies to a similar message.
2014-05-17 * Fix bug in new code that determines the name of the container ifEduardo Chappa
none is specified.