<feed xmlns='http://www.w3.org/2005/Atom'>
<title>notmuch/test/T355-smime.sh, branch 0.32</title>
<subtitle>thread-based email index, search, and tagging</subtitle>
<id>https://git.notmuchmail.org/git/notmuch/atom?h=0.32</id>
<link rel='self' href='https://git.notmuchmail.org/git/notmuch/atom?h=0.32'/>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/'/>
<updated>2020-08-08T19:04:27Z</updated>
<entry>
<title>T355: specify hash algorithm explicitly</title>
<updated>2020-08-08T19:04:27Z</updated>
<author>
<name>Đoàn Trần Công Danh</name>
<email>congdanhqx@gmail.com</email>
</author>
<published>2020-08-03T15:40:57Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=f5ae8040b3ebba8ffa1be485c3a74397df98138e'/>
<id>urn:sha1:f5ae8040b3ebba8ffa1be485c3a74397df98138e</id>
<content type='text'>
On some systems (notably, the one shipped with LibreSSL),
default fingerprint digest algorithm is SHA256.

On other systems, users can change default digest algorithm by changing
default_md in /etc/ssl/default_md.

Let's ask openssl to provide us specific algorithm to make the test
more deterministic.

Signed-off-by: Đoàn Trần Công Danh &lt;congdanhqx@gmail.com&gt;
</content>
</entry>
<entry>
<title>test: mark two tests broken on machines with 32 bit time_t</title>
<updated>2020-06-27T01:16:51Z</updated>
<author>
<name>David Bremner</name>
<email>david@tethera.net</email>
</author>
<published>2020-06-24T14:32:34Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=b46d842782527b206e139edd00ab1ac896b5a23b'/>
<id>urn:sha1:b46d842782527b206e139edd00ab1ac896b5a23b</id>
<content type='text'>
I haven't traced the code path as exhaustively for the SMIME test, but
the expiry date in question is larger then representable in a signed
32 bit integer.
</content>
</entry>
<entry>
<title>smime: Index cleartext of envelopedData when requested</title>
<updated>2020-05-23T01:12:00Z</updated>
<author>
<name>Daniel Kahn Gillmor</name>
<email>dkg@fifthhorseman.net</email>
</author>
<published>2020-05-12T22:29:39Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=6cdf4b7e38000c6d0a14ff04ab71f7c7e60835ec'/>
<id>urn:sha1:6cdf4b7e38000c6d0a14ff04ab71f7c7e60835ec</id>
<content type='text'>
Signed-off-by: Daniel Kahn Gillmor &lt;dkg@fifthhorseman.net&gt;
</content>
</entry>
<entry>
<title>smime: Pass PKCS#7 envelopedData to node_decrypt_and_verify</title>
<updated>2020-05-23T01:11:51Z</updated>
<author>
<name>Daniel Kahn Gillmor</name>
<email>dkg@fifthhorseman.net</email>
</author>
<published>2020-05-12T22:29:38Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=cb88b51fe55fcb01235747d4b94072fa6efd501c'/>
<id>urn:sha1:cb88b51fe55fcb01235747d4b94072fa6efd501c</id>
<content type='text'>
This change means we can support "notmuch show --decrypt=true" for
S/MIME encrypted messages, resolving several outstanding broken tests,
including all the remaining S/MIME protected header examples.

We do not yet handle indexing the cleartext of S/MIME encrypted
messages, though.

Signed-off-by: Daniel Kahn Gillmor &lt;dkg@fifthhorseman.net&gt;
</content>
</entry>
<entry>
<title>cli/reply: Ignore PKCS#7 wrapper parts when replying</title>
<updated>2020-05-23T01:11:25Z</updated>
<author>
<name>Daniel Kahn Gillmor</name>
<email>dkg@fifthhorseman.net</email>
</author>
<published>2020-05-12T22:29:35Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=1b9f4a9863003955e6a757a6eeb8b6926d60c896'/>
<id>urn:sha1:1b9f4a9863003955e6a757a6eeb8b6926d60c896</id>
<content type='text'>
When composing a reply, no one wants to see this line in the proposed
message:

    Non-text part: application/pkcs7-mime

So we hide it, the same way we hide PGP/MIME cruft.

Signed-off-by: Daniel Kahn Gillmor &lt;dkg@fifthhorseman.net&gt;
</content>
</entry>
<entry>
<title>cli/show: If a leaf part has children, show them instead of omitting</title>
<updated>2020-05-23T01:11:17Z</updated>
<author>
<name>Daniel Kahn Gillmor</name>
<email>dkg@fifthhorseman.net</email>
</author>
<published>2020-05-12T22:29:34Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=f12fb4d819956cb467b22183f0416fed44703d0f'/>
<id>urn:sha1:f12fb4d819956cb467b22183f0416fed44703d0f</id>
<content type='text'>
Until we did PKCS#7 unwrapping, no leaf MIME part could have a child.

Now, we treat the unwrapped MIME part as the child of the PKCS#7
SignedData object.  So in that case, we want to show it instead of
deliberately omitting the content.

This fixes the test of the protected subject in
id:smime-onepart-signed@protected-headers.example.

Signed-off-by: Daniel Kahn Gillmor &lt;dkg@fifthhorseman.net&gt;
</content>
</entry>
<entry>
<title>cli: include wrapped part of PKCS#7 SignedData in the MIME tree</title>
<updated>2020-05-23T01:11:07Z</updated>
<author>
<name>Daniel Kahn Gillmor</name>
<email>dkg@fifthhorseman.net</email>
</author>
<published>2020-05-12T22:29:33Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=5f4aceee26ca6db3cdd09ff69220a63e07976a01'/>
<id>urn:sha1:5f4aceee26ca6db3cdd09ff69220a63e07976a01</id>
<content type='text'>
Unwrap a PKCS#7 SignedData part unconditionally when the cli is
traversing the MIME tree, and return it as a "child" of what would
otherwise be a leaf in the tree.

Unfortunately, this also breaks the JSON output.  We will fix that
next.

Signed-off-by: Daniel Kahn Gillmor &lt;dkg@fifthhorseman.net&gt;
</content>
</entry>
<entry>
<title>smime: Identify encrypted S/MIME parts during indexing</title>
<updated>2020-05-23T01:10:55Z</updated>
<author>
<name>Daniel Kahn Gillmor</name>
<email>dkg@fifthhorseman.net</email>
</author>
<published>2020-05-12T22:29:32Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=ad60e5d4e8a6736af28f326803dbd38620e71ae8'/>
<id>urn:sha1:ad60e5d4e8a6736af28f326803dbd38620e71ae8</id>
<content type='text'>
We don't handle them correctly yet, but we can at least mark them as
being encrypted.

Signed-off-by: Daniel Kahn Gillmor &lt;dkg@fifthhorseman.net&gt;
</content>
</entry>
<entry>
<title>lib: index PKCS7 SignedData parts</title>
<updated>2020-05-23T01:10:46Z</updated>
<author>
<name>Daniel Kahn Gillmor</name>
<email>dkg@fifthhorseman.net</email>
</author>
<published>2020-05-12T22:29:31Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=38bd0df922aa1c9ac98154f6d3dc3e30255ad47e'/>
<id>urn:sha1:38bd0df922aa1c9ac98154f6d3dc3e30255ad47e</id>
<content type='text'>
When we are indexing, we should treat SignedData parts the same way
that we treat a multipart object, indexing the wrapped part as a
distinct MIME object.

Unfortunately, this means doing some sort of cryptographic
verification whose results we throw away, because GMime doesn't offer
us any way to unwrap without doing signature verification.

I've opened https://github.com/jstedfast/gmime/issues/67 to request
the capability from GMime but for now, we'll just accept the
additional performance hit.

As we do this indexing, we also apply the "signed" tag, by analogy
with how we handle multipart/signed messages.  These days, that kind
of change should probably be done with a property instead, but that's
a different set of changes.  This one is just for consistency.

Note that we are currently *only* handling signedData parts, which are
basically clearsigned messages.  PKCS#7 parts can also be
envelopedData and authEnvelopedData (which are effectively encryption
layers), and compressedData (which afaict isn't implemented anywhere,
i've never encountered it).  We're laying the groundwork for indexing
these other S/MIME types here, but we're only dealing with signedData
for now.

Signed-off-by: Daniel Kahn Gillmor &lt;dkg@fifthhorseman.net&gt;
</content>
</entry>
<entry>
<title>smime: tests of X.509 certificate validity are known-broken on GMime &lt; 3.2.7</title>
<updated>2020-05-23T01:04:57Z</updated>
<author>
<name>Daniel Kahn Gillmor</name>
<email>dkg@fifthhorseman.net</email>
</author>
<published>2020-05-22T00:42:41Z</published>
<link rel='alternate' type='text/html' href='https://git.notmuchmail.org/git/notmuch/commit/?id=b14d9ae204dedab0b63ab54fc6d59ffe7090ba88'/>
<id>urn:sha1:b14d9ae204dedab0b63ab54fc6d59ffe7090ba88</id>
<content type='text'>
When checking cryptographic signatures, Notmuch relies on GMime to
tell it whether the certificate that signs a message has a valid User
ID or not.

If the User ID is not valid, then notmuch does not report the signer's
User ID to the user.  This means that the consumer of notmuch's
cryptographic summary of a message (or of its protected headers) can
be confident in relaying the reported identity to the user.

However, some versions of GMime before 3.2.7 cannot report Certificate
validity for X.509 certificates.  This is resolved upstream in GMime
at https://github.com/jstedfast/gmime/pull/90.

We adapt to this by marking tests of reported User IDs for
S/MIME-signed messages as known-broken if GMime is older than 3.2.7
and has not been patched.

If GMime &gt;= 3.2.7 and certificate validity still doesn't work for
X.509 certs, then there has likely been a regression in GMime and we
should fail early, during ./configure.

To break out these specific User ID checks from other checks, i had to
split some tests into two parts, and reuse $output across the two
subtests.

Signed-off-by: Daniel Kahn Gillmor &lt;dkg@fifthhorseman.net&gt;
</content>
</entry>
</feed>
