jstedfast / gmime

A C/C++ MIME creation and parser library with support for S/MIME, PGP, and Unix mbox spools.
GNU Lesser General Public License v2.1

Validate X.509 certificates before reporting on them #90

Closed dkg closed 4 years ago

dkg commented 4 years ago

PKCS7: always set GPGME_KEYLIST_MODE_VALIDATE

When returning X.509 certificates for use with S/MIME, we depend on the validity of the "user IDs" (subject, subjectAltName) in order to populate the GMimeCertificate object.

See the GnuPG documentation for keylist_mode, which claims that there is some sort of "internal cache", but I've seen no evidence that such a cache exists.

See also discussion at GnuPG about the underlying issue, which is what i first tracked it down to.

dkg commented 4 years ago

(i ran into this issue while preparing patches to fully handle S/MIME for notmuch -- without this, we won't get the correct reports about the identities of each certificate in a message that was S/MIME-signed)

coveralls commented 4 years ago

Coverage remained the same at 64.685% when pulling 028987016f7f93c6644c39e17a9d4f2b48956ba5 on dkg:validate-smime-certs into b2b2de3378ae4d075ae1c8cb3bc49767faca6264 on jstedfast:master.

dkg commented 4 years ago

thanks for the prompt review and merge, @jstedfast, and for cleaning up after my non-standard coding style. much appreciated.

I see there have been a few changes and bugfixes outstanding on master here -- should we plan for a 3.2.7 release sometime?

jstedfast commented 4 years ago

No problem, and thanks for the patch! You make it easy for me ;-)

Yea, I could make a new release soon (i.e. this weekend?).

dkg commented 4 years ago

for the record, i've uploaded 3.2.6-2 to debian unstable today with this fix so that developers of notmuch can see the corrected behavior.

If you do manage to cut a 3.2.7 release this weekend, i'd be happy to replace 3.2.6-2 in debian with 3.2.7-1. Thanks!

jstedfast commented 4 years ago

Ended up making a 3.2.7 release this weekend, btw.

dkg commented 4 years ago

On Mon 2020-03-23 11:43:07 -0700, Jeffrey Stedfast wrote:

> Ended up making a 3.2.7 release this weekend, btw.

yep, it's already in debian :)

Thanks!

 --dkg