Received: from guru.guru-group.fi (unknown [IPv6:2a02:2380:1:9:5054:ff:feb7:a4bc]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: too) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id E7E291B00433; Sat, 2 May 2020 00:16:00 +0300 (EEST)
From: Tomi Ollila
To: Daniel Kahn Gillmor , Notmuch Mail
Subject: Re: Handle PKCS#7 S/MIME messages
In-Reply-To: <20200430201328.725651-1-dkg@fifthhorseman.net>
References: <20200430201328.725651-1-dkg@fifthhorseman.net>
List-Id: "Use and development of the notmuch mail system."

On Thu, Apr 30 2020, Daniel Kahn Gillmor wrote:

> This series applies after the "Add tests for S/MIME PKCS#7 messages"
> series, which was introduced in
> id:20200428185723.660184-1-dkg@fifthhorseman.net
>
> With this series applied, notmuch handles standard PKCS#7 S/MIME
> messages (using GnuPG's gpgsm as a backend, as mediated by GMime's use
> of GPGME) as well as it handles PGP/MIME messages.
>
> In addition to showing and replying to these messages, the series
> covers indexing the cleartext of encrypted messages, and understanding
> protected headers.

I did not see anything suspicious in code, but I got these test failures:
in ubuntu 19.10 native environment, and in debian 10 (podman) container
running in fedora 31 system

T355-smime: Testing S/MIME signature verification and decryption
 FAIL   Verify signature on PKCS#7 SignedData message
        crypto: value not equal: data[0][0][0]["crypto"]["signed"]["status"][0] = {'status': 'good', 'fingerprint': '702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB', 'created': 1574813489, 'expires': 2611032858} != {'created': 1574813489, 'expires': 2611032858, 'fingerprint': '702BA4B157F1E2B7D16B0C6A5FFC8A7DE2057DEB', 'userid': 'CN=Alice Lovelace', 'status': 'good'}

T356-protected-headers: Testing Message decryption with protected headers
 FAIL   verify signed PKCS#7 subject (multipart-signed)
        sig_uid: object not found: data[0][0][0]["crypto"]["signed"]["status"][0]["userid"]
 FAIL   verify signed PKCS#7 subject (onepart-signed)
        sig_uid: object not found: data[0][0][0]["crypto"]["signed"]["status"][0]["userid"]
 FAIL   confirm signed and encrypted PKCS#7 subject (sign+enc)
        sig_uid: object not found: data[0][0][0]["crypto"]["signed"]["status"][0]["userid"]
 FAIL   confirm signed and encrypted PKCS#7 subject (sign+enc+legacy-disp)
        sig_uid: object not found: data[0][0][0]["crypto"]["signed"]["status"][0]["userid"]

>
> --dkg

Tomi