unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
       [not found] <87zjegss2o.fsf@pcwi7557.uni-muenster.de>
@ 2019-09-23 19:02 ` Lars Ingebrigtsen
  2019-09-24 12:35   ` Jens Lechtenboerger
  0 siblings, 1 reply; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-23 19:02 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:

> I use mml-smime-use to prefer EPG over OpenSSL.  However,
> mm-view-pkcs7-verify ignores that variable and calls
> smime-verify-region (which uses OpenSSL).
>
> For signed e-mails with
> Content-Type: application/pkcs7-mime; name="smime.p7m";
>    smime-type=signed-data
> this results in the error message: "No CA configured"
> (And the e-mail is displayed in base64 encoded form; the text is not
> shown.)

Could you send such a message to enable us to debug this?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-23 19:02 ` bug#18393: mm-view-pkcs7-verify ignores mml-smime-use Lars Ingebrigtsen
@ 2019-09-24 12:35   ` Jens Lechtenboerger
  2019-09-25 13:38     ` Lars Ingebrigtsen
  0 siblings, 1 reply; 17+ messages in thread
From: Jens Lechtenboerger @ 2019-09-24 12:35 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 18393

[-- Attachment #1: Type: text/plain, Size: 809 bytes --]

On 2019-09-23, Lars Ingebrigtsen wrote:

> Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:
>
>> I use mml-smime-use to prefer EPG over OpenSSL.  However,
>> mm-view-pkcs7-verify ignores that variable and calls
>> smime-verify-region (which uses OpenSSL).
>>
>> For signed e-mails with
>> Content-Type: application/pkcs7-mime; name="smime.p7m";
>>    smime-type=signed-data
>> this results in the error message: "No CA configured"
>> (And the e-mail is displayed in base64 encoded form; the text is not
>> shown.)
>
> Could you send such a message to enable us to debug this?

Attached you find the message from section 4.9 of RFC4134, with the
CA certificate.  Verify with:

openssl smime -verify -CAfile carldssself.pem -in rfc4134-4.9.mail -signer signer.pem -out signedtext.txt

Best wishes
Jens


[-- Attachment #2: rfc4134-4.9.mail --]
[-- Type: application/octet-stream, Size: 1596 bytes --]

MIME-Version: 1.0
To: User2@examples.com
From: aliceDss@examples.com
Subject: Example 4.9
Message-Id: <021031164540300.304@examples.com>
Date: Thu, 31 Oct 2002 16:45:14 -0300
Content-Type: application/pkcs7-mime; smime-type=signed-data;
    name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m

[-- Attachment #3: carldssself.pem --]
[-- Type: application/octet-stream, Size: 964 bytes --]


* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-24 12:35   ` Jens Lechtenboerger
@ 2019-09-25 13:38     ` Lars Ingebrigtsen
  2019-09-26  9:04       ` Jens Lechtenboerger
  0 siblings, 1 reply; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-25 13:38 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:

>>> I use mml-smime-use to prefer EPG over OpenSSL.  However,
>>> mm-view-pkcs7-verify ignores that variable and calls
>>> smime-verify-region (which uses OpenSSL).
>>>
>>> For signed e-mails with
>>> Content-Type: application/pkcs7-mime; name="smime.p7m";
>>>    smime-type=signed-data
>>> this results in the error message: "No CA configured"
>>> (And the e-mail is displayed in base64 encoded form; the text is not
>>> shown.)
>>
>> Could you send such a message to enable us to debug this?
>
> Attached you find the message from section 4.9 of RFC4134, with the
> CA certificate.  Verify with:
>
> openssl smime -verify -CAfile carldssself.pem -in rfc4134-4.9.mail
> -signer signer.pem -out signedtext.txt

Yup, I get the same.

If I say:

(setq smime-CA-file "/tmp/carldssself.pem")

I get a blank article buffer.

I'm trying to follow the logic of the code here.  One bug is what you
report, that mml-smime-use isn't heeded, and I'll fix that (it seems
pretty easy, I can just cargo-cult mm-view-pkcs7-decrypt, which starts:

(defun mm-view-pkcs7-decrypt (handle &optional from)
  (insert-buffer-substring (mm-handle-buffer handle))
  (goto-char (point-min))
  (if (eq mml-smime-use 'epg)
      ...

But in this instance we don't get to that function.  Instead we get to:

(defun mm-view-pkcs7 (handle &optional from)
  (cl-case (mm-view-pkcs7-get-type handle)
    (enveloped (mm-view-pkcs7-decrypt handle from))
    (signed (mm-view-pkcs7-verify handle))
    (otherwise (error "Unknown or unimplemented PKCS#7 type"))))

(defun mm-view-pkcs7-verify (handle)
   ...)

because this is "signed", not "enveloped".  I'm not very familiar with
this stuff...  but the mm-view-pkcs7-verify function just verifies the
data and doesn't return anything, which explains why I'm getting an
empty article buffer.  But why is this ever useful?  It seems odd,
doesn't it?

Is the -verify function also supposed to return the decoded text?
(Which is "This is some sample content.".)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-25 13:38     ` Lars Ingebrigtsen
@ 2019-09-26  9:04       ` Jens Lechtenboerger
  2019-09-26 14:26         ` Lars Ingebrigtsen
  0 siblings, 1 reply; 17+ messages in thread
From: Jens Lechtenboerger @ 2019-09-26  9:04 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 18393

On 2019-09-25, Lars Ingebrigtsen wrote:

> (setq smime-CA-file "/tmp/carldssself.pem")
>
> I get a blank article buffer.

Same here.

> [...]
> (defun mm-view-pkcs7-verify (handle)
>    ...)
>
> because this is "signed", not "enveloped".  I'm not very familiar with
> this stuff...  but the mm-view-pkcs7-verify function just verifies the
> data and doesn't return anything, which explains why I'm getting an
> empty article buffer.  But why is this ever useful?  It seems odd,
> doesn't it?
>
> Is the -verify function also supposed to return the decoded text?
> (Which is "This is some sample content.".)

Function mm-view-pkcs7-verify calls (mm-insert-part handle), which
somehow deals with the text for subsequent display.  The search for
"Content-Type" suggests that this is only meant for multi-part
e-mails, for which it really works.  In this case, however, it
inserts the text among binary data, which seems to fail subsequently.

Best wishes
Jens






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-26  9:04       ` Jens Lechtenboerger
@ 2019-09-26 14:26         ` Lars Ingebrigtsen
  2019-09-26 14:32           ` Lars Ingebrigtsen
  0 siblings, 1 reply; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-26 14:26 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:

> On 2019-09-25, Lars Ingebrigtsen wrote:
>
>> (setq smime-CA-file "/tmp/carldssself.pem")
>>
>> I get a blank article buffer.
>
> Same here.

I've now fixed this on the trunk.

>> [...]
>> (defun mm-view-pkcs7-verify (handle)
>>    ...)
>>
>> because this is "signed", not "enveloped".  I'm not very familiar with
>> this stuff...  but the mm-view-pkcs7-verify function just verifies the
>> data and doesn't return anything, which explains why I'm getting an
>> empty article buffer.  But why is this ever useful?  It seems odd,
>> doesn't it?
>>
>> Is the -verify function also supposed to return the decoded text?
>> (Which is "This is some sample content.".)
>
> Function mm-view-pkcs7-verify calls (mm-insert-part handle), which
> somehow deals with the text for subsequent display.

But that's just the raw data that's supposed to be verified.  "openssl
smime" outputs the actual verified data, so I've adjusted the callers to
return that.

In addition, whatever that function inserted in that buffer was just
discarded.

*phew*

OK, so now it works for the case you weren't using, so now I can start
working on the actual bug report.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-26 14:26         ` Lars Ingebrigtsen
@ 2019-09-26 14:32           ` Lars Ingebrigtsen
  2019-09-27  6:09             ` Jens Lechtenboerger
  0 siblings, 1 reply; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-26 14:32 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Lars Ingebrigtsen <larsi@gnus.org> writes:

> OK, so now it works for the case you weren't using, so now I can start
> working on the actual bug report.  :-)

And that part was trivial.  :-)  Can you check whether this works for
you now with the test email?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-26 14:32           ` Lars Ingebrigtsen
@ 2019-09-27  6:09             ` Jens Lechtenboerger
  2019-09-27  6:33               ` Jens Lechtenboerger
  0 siblings, 1 reply; 17+ messages in thread
From: Jens Lechtenboerger @ 2019-09-27  6:09 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 18393

On 2019-09-26, Lars Ingebrigtsen wrote:

> Lars Ingebrigtsen <larsi@gnus.org> writes:
>
>> OK, so now it works for the case you weren't using, so now I can start
>> working on the actual bug report.  :-)
>
> And that part was trivial.  :-)  Can you check whether this works for
> you now with the test email?

Yes, many thanks for your efforts!  This works for the test mail and
for multipart mails.

Best wishes
Jens






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-27  6:09             ` Jens Lechtenboerger
@ 2019-09-27  6:33               ` Jens Lechtenboerger
  2019-09-27 13:55                 ` Lars Ingebrigtsen
  0 siblings, 1 reply; 17+ messages in thread
From: Jens Lechtenboerger @ 2019-09-27  6:33 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 18393

On 2019-09-27, Jens Lechtenboerger wrote:

> On 2019-09-26, Lars Ingebrigtsen wrote:
>
>> Lars Ingebrigtsen <larsi@gnus.org> writes:
>>
>>> OK, so now it works for the case you weren't using, so now I can start
>>> working on the actual bug report.  :-)
>>
>> And that part was trivial.  :-)  Can you check whether this works for
>> you now with the test email?
>
> Yes, many thanks for your efforts!  This works for the test mail and
> for multipart mails.

One addition: If verification fails, just an empty buffer is shown,
without any indication what went wrong.  An error message would be
nice, also an option to see the text anyways.

Best wishes
Jens






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-27  6:33               ` Jens Lechtenboerger
@ 2019-09-27 13:55                 ` Lars Ingebrigtsen
  2019-09-27 15:04                   ` Jens Lechtenboerger
  0 siblings, 1 reply; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-27 13:55 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:

>> Yes, many thanks for your efforts!  This works for the test mail and
>> for multipart mails.

Thanks for checking.

> One addition: If verification fails, just an empty buffer is shown,
> without any indication what went wrong.  An error message would be
> nice, also an option to see the text anyways.

Yes, that's true.  Could you send me a couple of messages where
verification should fail for me so that I can test?  Perhaps we should
start building a test suite...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-27 13:55                 ` Lars Ingebrigtsen
@ 2019-09-27 15:04                   ` Jens Lechtenboerger
  2019-09-27 15:19                     ` Lars Ingebrigtsen
  0 siblings, 1 reply; 17+ messages in thread
From: Jens Lechtenboerger @ 2019-09-27 15:04 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 18393

[-- Attachment #1: Type: text/plain, Size: 888 bytes --]

On 2019-09-27, Lars Ingebrigtsen wrote:

> Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:
>
>> One addition: If verification fails, just an empty buffer is shown,
>> without any indication what went wrong.  An error message would be
>> nice, also an option to see the text anyways.
>
> Yes, that's true.  Could you send me a couple of messages where
> verification should fail for me so that I can test?  Perhaps we should
> start building a test suite...

Actually, I was too fast.  I had a problem with my keyring, which
resulted in verification errors, which in turn resulted in empty
buffers.  I’m not sure how to test this.

Attached you find an e-mail where I just changed some bytes in the
text, keeping the old signature.  Verification fails, but the
message is displayed without any indication of the verification
failure.

Best wishes
Jens


[-- Attachment #2: rfc4134-invalid-sig.mail --]
[-- Type: application/octet-stream, Size: 1605 bytes --]

MIME-Version: 1.0
To: User2@examples.com
From: aliceDss@examples.com
Subject: Example 4.9 - changed
Message-Id: <021031164540300.304@examples.com>
Date: Thu, 31 Oct 2002 16:45:14 -0300
Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-27 15:04                   ` Jens Lechtenboerger
@ 2019-09-27 15:19                     ` Lars Ingebrigtsen
  2019-09-27 18:15                       ` Jens Lechtenboerger
  0 siblings, 1 reply; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-27 15:19 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:

> Actually, I was too fast.  I had a problem with my keyring, which
> resulted in verification errors, which in turn resulted in empty
> buffers.  I’m not sure how to test this.
>
> Attached you find an e-mail where I just changed some bytes in the
> text, keeping the old signature.  Verification fails, but the
> message is displayed without any indication of the verification
> failure.

Thanks.

The more I dig into the entire framework for reporting errors in
encrypted/signed messages we have, the more inadequate it seems.

If you have a multipart/signed message, and you have

(setq gnus-buttonized-mime-types '("multipart/\\(signed\\|encrypted\\)"))

then the button (!) will tell you whether the verification of the
signature was successful or not.  And the decryption/verification
functions alter the mm-security-handle bound by
mm-possibly-verify-or-decrypt to enable this...  er...  reporting.

If you don't have the button (and by default that variable is nil),
you'll get no feedback whatsoever.

In the case of the message you sent me, it's not a multipart message, so
no buttons are inserted anyway, so you never ever get any feedback.

This doesn't seem the right way to do security-related functionality.

I think the principle here should be, when displaying signed/encrypted
messages, that Gnus should, by default:

 1) say that what you're viewing is signed/encrypted and
 2) explicitly say whether the signature was verified or not, and if
    there were any error messages, it should report them.

But 1) should not be done in an obnoxious way.

But I should be doing more testing before I start hacking away, and have
a bigger test corpus.

Does anybody know of one that's handy with different signing/encryption
methods?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
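
One way to apply the two defaults proposed in the message above to the "openssl smime -verify" command from earlier in the thread. This is an added sketch, not code from the thread or from Gnus; the OPENSSL and SHOW_UNVERIFIED variables and the bracketed status lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from Emacs/Gnus.
# OPENSSL and SHOW_UNVERIFIED are hypothetical knobs of this sketch.
OPENSSL=${OPENSSL:-openssl}

# smime_verify_report CAFILE MAILFILE
# Always prints a status line first; returns 0 only if the signature verified.
smime_verify_report() {
    ca_file=$1
    mail_file=$2
    out=$(mktemp) || return 2
    err=$(mktemp) || { rm -f "$out"; return 2; }

    if "$OPENSSL" smime -verify -CAfile "$ca_file" -in "$mail_file" \
            -out "$out" 2>"$err"; then
        status=0
        printf '[S/MIME signature: verified]\n'
        cat "$out"
    else
        status=1
        # Surface the tool's diagnostics instead of an empty or silent display.
        printf '[S/MIME signature: NOT verified]\n'
        sed 's/^/[openssl] /' "$err"
        # Whatever was written to -out (if anything) is unverified: show it
        # only on explicit request, and label it as such.
        if [ "${SHOW_UNVERIFIED:-no}" = yes ] && [ -s "$out" ]; then
            printf '[unverified content follows]\n'
            cat "$out"
        fi
    fi
    rm -f "$out" "$err"
    return "$status"
}

# Usage: sh thisfile.sh carldssself.pem rfc4134-4.9.mail
if [ "$#" -eq 2 ]; then
    smime_verify_report "$1" "$2"
fi
```

A missing or failing openssl binary takes the same "NOT verified" path, so the caller never sees content without a status line.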






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-27 15:19                     ` Lars Ingebrigtsen
@ 2019-09-27 18:15                       ` Jens Lechtenboerger
  2019-09-28 17:55                         ` Lars Ingebrigtsen
  0 siblings, 1 reply; 17+ messages in thread
From: Jens Lechtenboerger @ 2019-09-27 18:15 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 18393

On 2019-09-27, at 17:19, Lars Ingebrigtsen wrote:

> But I should be doing more testing before I start hacking away, and have
> a bigger test corpus.
>
> Does anybody know of one that's handy with different signing/encryption
> methods?

At the end of 2015, when gnus was still maintained in its own
repository (https://git.gnus.org/gnus.git) and had a "lisp/tests"
subdirectory, I refactored gnus code for OpenPGP and S/MIME and
added tests/gnustest-mml-sec.el with key material in
tests/mml-gpghome (with expired subkeys, disabled keys, revoked
uids).  I don’t know whether that is still publicly accessible
anywhere but I’ve got a local copy with my merged branch if you are
interested.

I did not create S/MIME messages of the form of this bug report.

Best wishes
Jens






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-27 18:15                       ` Jens Lechtenboerger
@ 2019-09-28 17:55                         ` Lars Ingebrigtsen
  2019-09-29  8:56                           ` Jens Lechtenboerger
  0 siblings, 1 reply; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-28 17:55 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:

> At the end of 2015, when gnus was still maintained in its own
> repository (https://git.gnus.org/gnus.git) and had a "lisp/tests"
> subdirectory, I refactored gnus code for OpenPGP and S/MIME and
> added tests/gnustest-mml-sec.el with key material in
> tests/mml-gpghome (with expired subkeys, disabled keys, revoked
> uids).  I don’t know whether that is still publicly accessible
> anywhere but I’ve got a local copy with my merged branch if you are
> interested.

I do not seem to have a "mml-gpghome" directory on any of my machines.
Could you tar up and mail me the test data?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-28 17:55                         ` Lars Ingebrigtsen
@ 2019-09-29  8:56                           ` Jens Lechtenboerger
  2019-09-29 11:17                             ` Lars Ingebrigtsen
  0 siblings, 1 reply; 17+ messages in thread
From: Jens Lechtenboerger @ 2019-09-29  8:56 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 18393

On 2019-09-28, at 19:55, Lars Ingebrigtsen wrote:

> Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:
>
>> At the end of 2015, when gnus was still maintained in its own
>> repository (https://git.gnus.org/gnus.git) and had a "lisp/tests"
>> subdirectory, I refactored gnus code for OpenPGP and S/MIME and
>> added tests/gnustest-mml-sec.el with key material in
>> tests/mml-gpghome (with expired subkeys, disabled keys, revoked
>> uids).  I don’t know whether that is still publicly accessible
>> anywhere but I’ve got a local copy with my merged branch if you are
>> interested.
>
> I do not seem to have a "mml-gpghome" directory on any of my machines.
> Could you tar up and mail me the test data?

I uploaded a tar archive for the test directory here:
https://uni-muenster.sciebo.de/s/OIfu8cUSgqRfhVs

The file gnustest-mml-sec.README contains initial pointers.

Best wishes
Jens






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-29  8:56                           ` Jens Lechtenboerger
@ 2019-09-29 11:17                             ` Lars Ingebrigtsen
  2019-09-30  6:43                               ` Lars Ingebrigtsen
  2020-08-04 17:30                               ` Lars Ingebrigtsen
  0 siblings, 2 replies; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-29 11:17 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:

> I uploaded a tar archive for the test directory here:
> https://uni-muenster.sciebo.de/s/OIfu8cUSgqRfhVs
>
> The file gnustest-mml-sec.README contains initial pointers.

Thanks; I'll have a look and possibly put some of the tests into the
Emacs test directory.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-29 11:17                             ` Lars Ingebrigtsen
@ 2019-09-30  6:43                               ` Lars Ingebrigtsen
  2020-08-04 17:30                               ` Lars Ingebrigtsen
  1 sibling, 0 replies; 17+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-30  6:43 UTC (permalink / raw)
  To: 18393

I've now started the job of reporting back
decryption/verification errors.  The first bit is just a refactoring of
the code with some helper functions to make it really explicit when
things fail or not.  There should be no functional change so far...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no







* bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
  2019-09-29 11:17                             ` Lars Ingebrigtsen
  2019-09-30  6:43                               ` Lars Ingebrigtsen
@ 2020-08-04 17:30                               ` Lars Ingebrigtsen
  1 sibling, 0 replies; 17+ messages in thread
From: Lars Ingebrigtsen @ 2020-08-04 17:30 UTC (permalink / raw)
  To: Jens Lechtenboerger; +Cc: 18393

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:
>
>> I uploaded a tar archive for the test directory here:
>> https://uni-muenster.sciebo.de/s/OIfu8cUSgqRfhVs
>>
>> The file gnustest-mml-sec.README contains initial pointers.
>
> Thanks; I'll have a look and possibly put some of the tests into the
> Emacs test directory.

I've now added these tests to Emacs 28.

I think that covers all the specific bugs reported in this bug report,
so I'm closing it.  If there are more bugs in this area (and I'm sure
there are), please open new reports.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




