From: Jameson Graef Rollins
To: David Bremner, Notmuch Mail
Subject: Re: SMIME patches v3, with some tests
Date: Sat, 17 Jan 2015 12:07:09 -0800
Message-ID: <87wq4ltbma.fsf@servo.finestructure.net>
In-Reply-To: <1421491906-14542-1-git-send-email-david@tethera.net>
References: <1395031944-15557-1-git-send-email-jrollins@finestructure.net> <1421491906-14542-1-git-send-email-david@tethera.net>

On Sat, Jan 17 2015, David Bremner wrote:
> Generating the certs was very much trial and error. The net of
> a thousand lies may have led me astray a bit in that it may be
> possible to do this all with gpgsm and avoid the dependency on
> openssl. On the other hand, some tests is better than no tests.

Hey, David. Thanks so much for covering our butts and finally putting
together these tests. They look good to me.

Unfortunately, one of the tests is failing for me, but I'm completely
perplexed as to why:

T355-smime: Testing S/MIME signature verification and decryption
 PASS   Generate CA Cert
 PASS   Generate User Cert
 PASS   emacs delivery of S/MIME signed message
 FAIL   Signature verification (openssl)
        --- T355-smime.4.OUTPUT 2015-01-17 19:06:46.806054727 +0000
        +++ T355-smime.4.EXPECTED 2015-01-17 19:06:46.806054727 +0000
        @@ -1,4 +1,4 @@
         Verification successful
        -Content-Type: text/plain
        -
        -This is a test signed message.
        +Content-Type: text/plain
        +
        +This is a test signed message.
 PASS   signature verification (notmuch CLI)

?? There's visually no difference between the supposedly diff'd text.
A hd of the output files being compared shows that openssl is using a
carriage return '0d' followed by line feed '0a' for every newline, in
place of a simple line feed '0a' in the original message file:

servo:~/src/notmuch/git [master*] 0$ hd test/tmp.T355-smime/T355-smime.4.EXPECTED
00000000  43 6f 6e 74 65 6e 74 2d  54 79 70 65 3a 20 74 65  |Content-Type: te|
00000010  78 74 2f 70 6c 61 69 6e  0a 0a 54 68 69 73 20 69  |xt/plain..This i|
00000020  73 20 61 20 74 65 73 74  20 73 69 67 6e 65 64 20  |s a test signed |
00000030  6d 65 73 73 61 67 65 2e  0a 56 65 72 69 66 69 63  |message..Verific|
00000040  61 74 69 6f 6e 20 73 75  63 63 65 73 73 66 75 6c  |ation successful|
00000050  0a                                                |.|
00000051
servo:~/src/notmuch/git [master*] 0$ hd test/tmp.T355-smime/T355-smime.4.OUTPUT
00000000  43 6f 6e 74 65 6e 74 2d  54 79 70 65 3a 20 74 65  |Content-Type: te|
00000010  78 74 2f 70 6c 61 69 6e  0d 0a 0d 0a 54 68 69 73  |xt/plain....This|
00000020  20 69 73 20 61 20 74 65  73 74 20 73 69 67 6e 65  | is a test signe|
00000030  64 20 6d 65 73 73 61 67  65 2e 0d 0a 56 65 72 69  |d message...Veri|
00000040  66 69 63 61 74 69 6f 6e  20 73 75 63 63 65 73 73  |fication success|
00000050  66 75 6c 0a                                       |ful.|
00000054
servo:~/src/notmuch/git [master*] 0$

Bad openssl. (Daniel off stage screaming: "why aren't you using
certtool!")

I also noticed that the "Verification successful" string is not
reliably being printed to stderr before the message output.

Two possible patches to fix the problems are attached below. The
second is maybe slightly preferred, since it eliminates any reliance on
broken openssl message output whatsoever.

Thanks again for working on this, David.

jamie.

diff --git a/test/T355-smime.sh b/test/T355-smime.sh index 0e5fd4a..5e3ec72 100755 =2D-- a/test/T355-smime.sh +++ b/test/T355-smime.sh @@ -43,7 +43,9 @@ test_expect_success 'emacs delivery of S/MIME signed mes =20 test_begin_subtest "Signature verification (openssl)" notmuch show --format=3Draw subject:"test signed message 001" |\ =2D openssl smime -verify -CAfile ca.crt >& OUTPUT + openssl smime -verify -CAfile ca.crt 2> OUTPUT +notmuch show --format=3Draw subject:"test signed message 001" |\ + openssl smime -verify -CAfile ca.crt | tr -d '\015' >> OUTPUT cat < EXPECTED Verification successful Content-Type: text/plain diff --git a/test/T355-smime.sh b/test/T355-smime.sh index 0e5fd4a..cba23e0 100755 =2D-- a/test/T355-smime.sh +++ b/test/T355-smime.sh 
@@ -43,12 +43,9 @@ test_expect_success 'emacs delivery of S/MIME signed me =20 test_begin_subtest "Signature verification (openssl)" notmuch show --format=3Draw subject:"test signed message 001" |\ =2D openssl smime -verify -CAfile ca.crt >& OUTPUT + openssl smime -verify -CAfile ca.crt 2> OUTPUT cat < EXPECTED Verification successful =2DContent-Type: text/plain =2D =2DThis is a test signed message. EOF test_expect_equal_file OUTPUT EXPECTED =20
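
Review bot: In the first patch (index 0e5fd4a..5e3ec72), the first added invocation `openssl smime -verify -CAfile ca.crt 2> OUTPUT` leaves stdout unredirected, so the verified message body is written to the test's own stdout, and the second invocation (the one piped through `tr -d '\015'`) leaves stderr unredirected, so the status line is emitted a second time outside OUTPUT. Suggest adding `>/dev/null` to the first command and `2>/dev/null` to the second. Better still, run the verification once with stdout and stderr sent to two separate files, then build OUTPUT from the stderr file followed by the CR-stripped stdout file; that keeps the ordering deterministic without verifying the same message twice.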
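
Review bot: In the second patch (index 0e5fd4a..cba23e0), removing the three message lines from the EXPECTED heredoc means this subtest now asserts only the "Verification successful" status string and no longer checks that the payload recovered by `openssl smime -verify` matches the message that was signed. If that content check is still wanted, send stdout to its own file and compare it against the expected body after stripping carriage returns. As written, `openssl smime -verify -CAfile ca.crt 2> OUTPUT` also leaves stdout unredirected, so the message body goes to the test's stdout; `>/dev/null` would keep the run quiet if the body is deliberately ignored.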