Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
Hi, this bug still exists with mutt 1.10.1-2.1, and I'm unable to work around the issue. Could you provide any solution or workaround? Antonio, how are your investigations going? Thanks, Carsten -- Dr. Carsten Otto cars...@c-otto.de signature.asc Description: PGP signature
Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
FWIW, I was having this problem today with mutt 1.7.2-1 from stretch, and I was not able to get around the delay. Sometimes I see some full-screen dialog, possibly made with ncurses, asking about if I should accept a (self-signed?) certificate, but I was not able to interact with it. I didn't wait for the delay, but killed the gpgsm process from a different terminal to get back to mutt. Mutt then says "S/MIME signature could NOT be verified", and shows "Error: verification failed: End of file" in the mail body: [-- Attachment #1 --] [-- Type: multipart/signed, Encoding: 7bit, Size: 45K --] [-- Begin signature information --] Error: verification failed: End of file [-- End signature information --] [-- The following data is signed --] [-- Attachment #1 --] [-- Type: text/plain, Encoding: quoted-printable, Size: 2.6K --] Given that the mutt package in stretch is really a mutt with neomutt patches, I tried the neomutt 20180512+dfsg.1-1 from unstable, which works better. There is no delay, but it also says "S/MIME signature could NOT be verified". However, it shows openssl output in the mail body instead: [-- Attachment #1 --] [-- Type: multipart/signed, Encoding: 7bit, Size: 45K --] [-- OpenSSL output follows (current time: Mo 11 Jun 2018 12:56:04 CEST) --] Verification failure 139830712489216:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:285:Verify error:self signed certificate in certificate chain [-- End of OpenSSL output --] [-- The following data is signed --] [-- Attachment #1 --] [-- Type: text/plain; charset=utf-8, Encoding: quoted-printable, Size: 2.6K --] I also tried setting "pinentry-program /usr/bin/pinentry-tty" in my ~/.gnupg/gpg-agent.conf, but that didn't change the behaviour in strech-mutt. Neither did setting "set smime_ask_cert_label = no" in my muttrc. - Roland
Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
On Wed, 18 Oct 2017 11:07:11 -0700 Josh Triplett wrote: > I'm experiencing the same issue: opening a mail with an S/MIME signature > just hangs mutt. Apparently the problem can be reproduced on Debian Sid with Mutt 1.10.0-1. Opening S/MIME emails results in Mutt hanging for a long time - in my case approximately 20 seconds. In my case, a pop up opens that says "Do you ultimately trust [a certain CA] to correctly certify user certificates?" - which I think comes from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/trustlist.c;h=af177b2e26a3647370a0420e2b531ed47d79adcb;hb=HEAD#l664 I can either confirm you "ultimately trust" the CA or reject it - but if I reject it the delay will not go away. Confirming ultimate trust, conversely, will "fix" (so to speak) the delay. It is not clear to me whether it is more of a Mutt problem or rather with GnuPG / gpgme. Thanks for your help. Kind regards, -- Fabio Natali
Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
I'm experiencing the same issue: opening a mail with an S/MIME signature just hangs mutt. - Josh Triplett
Bug#838361: [Pkg-mutt-maintainers] Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
Control: severity -1 important On Tue, Sep 20, 2016 at 12:13:29PM +0200, Stephan Seitz wrote: > Package: mutt > Version: 1.7.0-5 > Severity: normal > > Dear Maintainer, > > with your last update you set „crypt_use_gpgme=yes” in > „/etc/Muttrc.d/gpg.rc”. While this setting works with PGP signed mails, > trying to open SMIME mails leads to a hanging mutt (more than one minute). > > Looking at the process list I see gpgsm is started. After several minutes > the mail is opened but the signature could not be verified. > > When I set crypt_use_gpgme to no then mutt opens the mail at once. Openssl > is used to check the signature and the signature can be verified. > > I don’t see anything in the documentation what I have to change to get gpgsm > working. The changes only speak about the new gpg handling. > This is not good, let me investigate it and I'll get back to you.
Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
Package: mutt
Version: 1.7.0-5
Severity: normal
Dear Maintainer,
with your last update you set „crypt_use_gpgme=yes” in
„/etc/Muttrc.d/gpg.rc”. While this setting works with PGP signed mails,
trying to open SMIME mails leads to a hanging mutt (more than one
minute).
Looking at the process list I see gpgsm is started. After several minutes
the mail is opened but the signature could not be verified.
When I set crypt_use_gpgme to no then mutt opens the mail at once.
Openssl is used to check the signature and the signature can be verified.
I don’t see anything in the documentation what I have to change to get
gpgsm working. The changes only speak about the new gpg handling.
Many greetings,
Stephan
-- Package-specific info:
NeoMutt 20160910 (1.7.0)
Copyright (C) 1996-2016 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 4.7.4 (x86_64)
libidn: 1.33 (compiled with 1.33)
hcache backend: tokyocabinet 1.4.48
Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 6.2.0-3'
--with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs
--enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-6 --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-vtable-verify --enable-libmpx --enable-plugin --with-system-zlib
--disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre --enable-java-home
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
--enable-objc-gc --enable-multiarch --with-arch-32=i686 --with-abi=m64
--with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic
--enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 6.2.0 20160901 (Debian 6.2.0-3)
Configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=\${prefix}/include' '--mandir=\${prefix}/share/man'
'--infodir=\${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--disable-silent-rules' '--libdir=\${prefix}/lib/x86_64-linux-gnu'
'--libexecdir=\${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--with-mailpath=/var/mail'
'--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache'
'--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop'
'--enable-sidebar' '--enable-nntp' '--enable-notmuch' '--disable-fmemopen'
'--with-curses' '--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster'
'--with-sasl' '--without-gdbm' '--without-bdb' '--without-qdbm'
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2
-fdebug-prefix-map=/build/mutt-eJ8cNY/mutt-1.7.0=. -fPIE
-fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-fPIE -pie
-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2
-fdebug-prefix-map=/build/mutt-eJ8cNY/mutt-1.7.0=. -fPIE
-fstack-protector-strong -Wformat -Werror=format-security
Compile options:
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME
+DEBUG +DL_STANDALONE +ENABLE_NLS -EXACT_ADDRESS -HOMESPOOL -LOCALES_HACK
-SUN_ATTACHMENT +HAVE_BKGDSET +HAVE_COLOR +HAVE_CURS_SET +HAVE_GETADDRINFO
+HAVE_GETSID +HAVE_ICONV +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR
+HAVE_LIBIDN +HAVE_META +HAVE_REGCOMP +HAVE_RESIZETERM +HAVE_START_COLOR
+HAVE_TYPEAHEAD +HAVE_WC_FUNCS +ICONV_NONTRANS +USE_COMPRESSED +USE_DOTLOCK
+USE_FCNTL -USE_FLOCK -USE_FMEMOPEN -USE_GNU_REGEX +USE_GSS +USE_HCACHE
+USE_IMAP +USE_NOTMUCH +USE_NNTP +USE_POP +USE_SASL +USE_SETGID +USE_SIDEBAR
+USE_SMTP +USE_SSL_GNUTLS -USE_SSL_OPENSSL
-DOMAIN
MIXMASTER="mixmaster"
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
patch-attach-headers-color-neomutt
patch-compress-neomutt
patch-cond-date-neomutt
patch-encrypt-to-self-neomutt
patch-fmemopen-neomutt
patch-forgotten-attachments-neomutt
patch-ifdef-neomutt
patch-index-color-neomutt
patch-initials-neomutt
patch-keywords-neomutt
patch-limit-current-thread-neomutt
patch-lmdb-neomutt
patch-multiple-fcc-neomutt
patch-nested-if-neomutt
patch-new-mail-neomutt
patch-nntp-neomutt
patch-notmuch-neomutt
patch-progress-neomutt
