From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 16DD7431FB6 for ; Sat, 17 Jan 2015 14:29:21 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 2.438 X-Spam-Level: ** X-Spam-Status: No, score=2.438 tagged_above=-999 required=5 tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j+60FvmVBXvh for ; Sat, 17 Jan 2015 14:29:17 -0800 (PST) Received: from yantan.tethera.net (yantan.tethera.net [199.188.72.155]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id DE731431FAF for ; Sat, 17 Jan 2015 14:29:17 -0800 (PST) Received: from remotemail by yantan.tethera.net with local (Exim 4.80) (envelope-from ) id 1YCbrp-0002n3-2d; Sat, 17 Jan 2015 18:29:17 -0400 Received: (nullmailer pid 26281 invoked by uid 1000); Sat, 17 Jan 2015 22:29:11 -0000 From: David Bremner To: Jameson Graef Rollins , Notmuch Mail Subject: Re: [PATCH] test: initial tests for smime In-Reply-To: <87twzpt6e8.fsf@servo.finestructure.net> References: <87wq4ltbma.fsf@servo.finestructure.net> <1421530691-14060-1-git-send-email-david@tethera.net> <87twzpt6e8.fsf@servo.finestructure.net> User-Agent: Notmuch/0.19+27~g29ffde4 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu) Date: Sat, 17 Jan 2015 23:29:11 +0100 Message-ID: <87sif99h3c.fsf@maritornes.cs.unb.ca> MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Jan 2015 22:29:21 -0000 Jameson Graef Rollins writes: > For some reason PATCH 3/4 no longer applies after substituting in this > patch as PATCH 1/4. Ah, I guess I need to send the whole series again. > > But do we really need to test the message output of openssl? It seems > like it's broken, and if it ever gets fixed we'll need to change this > test. I think it's not so much broken as "canonical". There is some discussion in the openssl-smime man page that pointed me to RFC5751 para 3.1.1 MIME entities of major type "text" MUST have both their line endings and character set canonicalized. The line ending MUST be the pair of characters > But all we really care about is that openssl is properly verifying the > message, yes? Why not just test that and forget about the rest of > openssl's output? Maybe it doesn't add too much as long as the message is using the "clear signed" multipart/signed format. On the other hand there is an opaque signed format (application/pkcs7-mime with Signeddata) too, where it would be interesting to check for mangling of the text. Similarly, when we add a similar test for encryption, I think we do want to check the content, so we'll have to figure this out at some point. Cheers, d