Re: any documentation for S/MIME setup for mutt? (Re: OT: Checking S/MIME signatures)
On 03-11-25 17:53:00 CET, Christoph Ludwig wrote:
> On Tue, Nov 25, 2003 at 01:05:24PM +0100, Robert Joop wrote:
> > > PS: I am going to sign this posting. You probably don't have our root
> > > CA's public key installed whence the verification will fail. But
> > > at least you should see an error message like "unable to get local
> > > issuer certificate".
> >
> > no, actually i get
> >
> > Verification failure
> > 16485:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify
> > error:pk7_smime.c:222:Verify error:self signed certificate in certificate
> > chain
> >
>
> I forgot that in my .muttrc smime_sign_command is set such that the
> whole certificate chain is attached, not only my own
> certificate. That explains the different error message.
>
> Sorry if I caused any confusion.
no, i think the above error message causes confusion.
self signed certificates are usually (root) CA certificates (X.509v3
basic contraints' CA:true), so the error message shouldn't be that
there's a self signed cert, but that the root CA's cert ain't in the
user's trusted list.
unless of course your cert chain is rather unusual and misled openssl to
this misleading error message... :-)
but no, your CA cert has this flag, the key usage attribute looks ok,
only the 'netscape cert type' 'SSL CA' makes me wonder.
but mutt is no netscape application and the attribute is not marked
critical, so that should do no harm.
> > does anybody know about any documentation of how to set this up, i mean
> > the whole S/MIME stuff for mutt?
>
> In mutt's CVS is a file doc/smime-notes.txt that describes the setup
> step by step. I assume it is also contained in the current
> distribution.
perhaps in the source distribution, but it doesn't come with the debian
packages, /usr/share/doc/mutt/ contains a lot but not this file.
i guess i should file a request for enhancement with debian...
> Do you have any specific questions?
yes, where is the cvs repository? :-)
seriously, i can't find any pointer from www.mutt.org.
the news says that it has moved from ftp.guug.de to ftp.mutt.org, but i
can't find anything more specific, not on the 'downloading' or 'links'
pages, not even by searching the mutt-dev list archive.
and google turns up the old repository address and some empty mutt
repository at sourceforge, or READMEs like
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/mutt/README?cvsroot=Mutt&rev=HEAD
that tell me that "Anonymous CVS from ftp.mutt.org does not work
any more.", but i failed to find useful information about the current
mutt cvs repository.
i got myself the whole
ftp://ftp.mutt.org/%2fmutt/devel/mutt-1.5.5.1i.tar.gz tarball...
ok, the file is there.
btw, where does smime_keys usually get installed?
on debian, it looks like a command that is not to be used by a normal
user, at least not directly:
rj:~$ smime_keys init
bash: smime_keys: command not found
rj:~$ locate !:0
locate smime_keys
/usr/lib/mutt/smime_keys
rj:~$
debian problem, or more general?
rj