From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from guru.guru-group.fi (unknown [IPv6:2a02:2380:1:9:5054:ff:feb7:a4bc]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: too) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id C1E8B1B00087; Wed, 29 Apr 2020 23:12:35 +0300 (EEST)
From: Tomi Ollila
To: Daniel Kahn Gillmor, Notmuch Mail
Subject: Re: [PATCH 15/15] tests: disable CRL checks from gpgsm
In-Reply-To: <20200428185723.660184-16-dkg@fifthhorseman.net>
References: <20200428185723.660184-1-dkg@fifthhorseman.net> <20200428185723.660184-16-dkg@fifthhorseman.net>

On Tue, Apr 28 2020, Daniel Kahn Gillmor wrote:

> GPGME has a strange failure mode when it is in offline mode, and/or
> when certificates don't have any CRLs: in particular, it refuses to
> accept the validity of any certificate other than a "root" cert.
>
> This can be worked around by setting the `disable-crl-checks`
> configuration variable for gpgsm.
>
> I've reported this to the GPGME upstream at
> https://dev.gnupg.org/T4883, but I have no idea how it will be
> resolved. In the meantime, we'll just work around it.
>
> Note that this fixes the test for verification of
> id:smime-multipart-signed@protected-headers.example, because
> multipart/signed messages are already handled correctly (one-part
> PKCS#7 messages will get fixed later).
>
> Signed-off-by: Daniel Kahn Gillmor

Rest of the series looks tolerable to me.

That one missing "inconsistent quotes" is inconsistent with added quotes
in one of the changes in previous email (which just did that)

Otherwise OK (provided that tests pass)

(except that https://www.ietf.org/id/draft-dkg-lamps-samples-01.html
is not found (by me either, like David)

Tomi
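
Added example, not part of this message or of the notmuch patch: one way to keep the `disable-crl-checks` workaround described in the quoted commit message confined to a throwaway test homedir, with a guard that flags the option in any other gpgsm homedir. The function names and directory layout are assumptions made for illustration.

```shell
# Added example: helper names and paths are hypothetical, not notmuch's test code.

# Return 0 if the given gpgsm.conf sets disable-crl-checks.
# Config files use the long option name without leading dashes; awk's
# field splitting skips indentation, and commented-out lines start with
# "#", so their first field never equals the bare option name.
gpgsm_conf_disables_crl() {
    conf=$1
    [ -f "$conf" ] || return 1
    awk '$1 == "disable-crl-checks" { found = 1 } END { exit !found }' "$conf"
}

# Create an isolated test homedir (mode 0700) whose gpgsm.conf carries
# the workaround. Idempotent: the option is appended only once.
make_test_gnupghome() {
    home=$1
    mkdir -p "$home" && chmod 700 "$home" || return 1
    gpgsm_conf_disables_crl "$home/gpgsm.conf" ||
        printf '%s\n' '# test suite only, see https://dev.gnupg.org/T4883' \
                      'disable-crl-checks' >> "$home/gpgsm.conf"
}

# Guard for non-test homedirs: fail if revocation checking is switched off.
# A homedir without a gpgsm.conf passes, since CRL checks are on by default.
assert_crl_checks_enabled() {
    if gpgsm_conf_disables_crl "$1/gpgsm.conf"; then
        echo "CRL checks disabled in $1/gpgsm.conf" >&2
        return 1
    fi
}
```

A test run would call `make_test_gnupghome` on a scratch directory and export `GNUPGHOME` to it, so the weakened revocation setting never reaches a user's real gpgsm configuration.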