* Kevin J. McCarthy <[email protected]> [2015-05-23 16:20 -0400]:
Thanks for testing my patch so quickly.
No worries.
Before replying below, let me describe the current behavior. Given a cert file with: Leaf-Inter1-Inter2-Inter3-Root the "smime_keys add_cert" will create two files: 1. Leaf 2. Inter1-Inter2-Inter3-Root. and one entry in the index: leaf-email leaf-hash label inter-hash validity
That makes sense, and matches what I saw with either my patch or your (simpler) second patch.
Currently I have left the root cert inside the intermediary file. If this is bad or wrong behaviour, I can change it, it was just easier that way.
I do not think that is bad behavior.
I also noted that the "subject" of the certificate was not being printed as specified on line 888 of the `smime_keys` script. Both resulted from the lack of the "Bag Attributes" string in the output of my openssl command (above) to extract PEM format certificates.Would you mind sending me a private mail with the PEM you generated? The "Bag Attributes" behavior was already in the script, so I'd like to take a look before changing that. Without the "Bag Attributes", the script won't find Subject or Issuer and so won't be able to determine the chains, so each cert would be added separately, as if it were a leaf.
Let me know if you still need the PEM, but I believe the second patch you sent solves the problem.
I would suggest letting the perl script ask for input instead of trying to get the label(s) inside mutt.I'm not sure the is doable in current form. We may have to settle for one label for all the leafs.
That sounds reasonable: the only reason I wanted to be able to label each one individually was to avoid labeling the issuer certificates with the name of the leaf certificate. Given that the issuer certificates are no longer treated as leaves, that is no longer a problem. * Kevin J. McCarthy <[email protected]> [2015-05-23 17:31 -0400]:
Here's a revised patch loosening up the attributes parsing and changing it to only prompt once for a label.
I just tried the new patch and everything works as it should, thanks! Now the only problem is mutt prompting to use the second key every time when trying to encrypt. Regards, -- dave [ please don't CC me ]
signature.asc
Description: PGP signature
