Hi all,

I've done some code review to figure out what we can do to work around/fix this issue since it has annoyed me in the past and I just don't even want to use S/MIME ever really.

Some things I found: since I set crypt_use_gpgme=yes, gpgme apparently handles S/MIME directly (didn't know gpg supported it) and the "backend" is /usr/bin/gpgsm. So a very nasty hack to get rid of this issue is to just symlink gpgsm to /usr/bin/false somewhere on your $PATH:

    # ln -s /usr/bin/false gpgsm

Looking at the code, I found the original sin to be at ncrypt/cryptglue.c:crypt_init:

    #ifdef CRYPT_BACKEND_GPGME
      if (c_crypt_use_gpgme)
      {
        crypto_module_register(&CryptModPgpGpgme);
        crypto_module_register(&CryptModSmimeGpgme);
      }
    #endif

This makes it so crypt_use_gpgme=yes enables both gpg and smime support with no way to disable smime at init or message verification time. Not even hooks will help since the crypt module registration runs only once.

IMO this is unacceptable as I have no interest in being exposed to the vulnerability surface area of smime despite not having any use for it, so I'm planning to propose a patch to neomutt to move the smime registration to a separate rc variable.

Does anybody think the ability to toggle this per-message would be useful? I can't think of a compelling reason to want that.

--Daniel