Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
Hi, this bug still exists with mutt 1.10.1-2.1, and I'm unable to work around the issue. Could you provide any solution or workaround? Antonio, how are your investigations going? Thanks, Carsten -- Dr. Carsten Otto cars...@c-otto.de signature.asc Description: PGP signature
Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
FWIW, I was having this problem today with mutt 1.7.2-1 from stretch, and I was not able to get around the delay. Sometimes I see some full-screen dialog, possibly made with ncurses, asking about if I should accept a (self-signed?) certificate, but I was not able to interact with it. I didn't wait for the delay, but killed the gpgsm process from a different terminal to get back to mutt. Mutt then says "S/MIME signature could NOT be verified", and shows "Error: verification failed: End of file" in the mail body: [-- Attachment #1 --] [-- Type: multipart/signed, Encoding: 7bit, Size: 45K --] [-- Begin signature information --] Error: verification failed: End of file [-- End signature information --] [-- The following data is signed --] [-- Attachment #1 --] [-- Type: text/plain, Encoding: quoted-printable, Size: 2.6K --] Given that the mutt package in stretch is really a mutt with neomutt patches, I tried the neomutt 20180512+dfsg.1-1 from unstable, which works better. There is no delay, but it also says "S/MIME signature could NOT be verified". However, it shows openssl output in the mail body instead: [-- Attachment #1 --] [-- Type: multipart/signed, Encoding: 7bit, Size: 45K --] [-- OpenSSL output follows (current time: Mo 11 Jun 2018 12:56:04 CEST) --] Verification failure 139830712489216:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:285:Verify error:self signed certificate in certificate chain [-- End of OpenSSL output --] [-- The following data is signed --] [-- Attachment #1 --] [-- Type: text/plain; charset=utf-8, Encoding: quoted-printable, Size: 2.6K --] I also tried setting "pinentry-program /usr/bin/pinentry-tty" in my ~/.gnupg/gpg-agent.conf, but that didn't change the behaviour in strech-mutt. Neither did setting "set smime_ask_cert_label = no" in my muttrc. - Roland
Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
On Wed, 18 Oct 2017 11:07:11 -0700 Josh Triplett wrote: > I'm experiencing the same issue: opening a mail with an S/MIME signature > just hangs mutt. Apparently the problem can be reproduced on Debian Sid with Mutt 1.10.0-1. Opening S/MIME emails results in Mutt hanging for a long time - in my case approximately 20 seconds. In my case, a pop up opens that says "Do you ultimately trust [a certain CA] to correctly certify user certificates?" - which I think comes from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/trustlist.c;h=af177b2e26a3647370a0420e2b531ed47d79adcb;hb=HEAD#l664 I can either confirm you "ultimately trust" the CA or reject it - but if I reject it the delay will not go away. Confirming ultimate trust, conversely, will "fix" (so to speak) the delay. It is not clear to me whether it is more of a Mutt problem or rather with GnuPG / gpgme. Thanks for your help. Kind regards, -- Fabio Natali
Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
I'm experiencing the same issue: opening a mail with an S/MIME signature just hangs mutt. - Josh Triplett
Bug#838361: [Pkg-mutt-maintainers] Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
Control: severity -1 important On Tue, Sep 20, 2016 at 12:13:29PM +0200, Stephan Seitz wrote: > Package: mutt > Version: 1.7.0-5 > Severity: normal > > Dear Maintainer, > > with your last update you set „crypt_use_gpgme=yes” in > „/etc/Muttrc.d/gpg.rc”. While this setting works with PGP signed mails, > trying to open SMIME mails leads to a hanging mutt (more than one minute). > > Looking at the process list I see gpgsm is started. After several minutes > the mail is opened but the signature could not be verified. > > When I set crypt_use_gpgme to no then mutt opens the mail at once. Openssl > is used to check the signature and the signature can be verified. > > I don’t see anything in the documentation what I have to change to get gpgsm > working. The changes only speak about the new gpg handling. > This is not good, let me investigate it and I'll get back to you.
Bug#838361: mutt: Mutt hangs for minutes while checking S/MIME signed mails
Package: mutt Version: 1.7.0-5 Severity: normal Dear Maintainer, with your last update you set „crypt_use_gpgme=yes” in „/etc/Muttrc.d/gpg.rc”. While this setting works with PGP signed mails, trying to open SMIME mails leads to a hanging mutt (more than one minute). Looking at the process list I see gpgsm is started. After several minutes the mail is opened but the signature could not be verified. When I set crypt_use_gpgme to no then mutt opens the mail at once. Openssl is used to check the signature and the signature can be verified. I don’t see anything in the documentation what I have to change to get gpgsm working. The changes only speak about the new gpg handling. Many greetings, Stephan -- Package-specific info: NeoMutt 20160910 (1.7.0) Copyright (C) 1996-2016 Michael R. Elkins and others. Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'. Mutt is free software, and you are welcome to redistribute it under certain conditions; type `mutt -vv' for details. System: Linux 4.7.4 (x86_64) libidn: 1.33 (compiled with 1.33) hcache backend: tokyocabinet 1.4.48 Compiler: Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Debian 6.2.0-3' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-6 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu Thread model: posix gcc version 6.2.0 20160901 (Debian 6.2.0-3) Configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=\${prefix}/include' '--mandir=\${prefix}/share/man' '--infodir=\${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=\${prefix}/lib/x86_64-linux-gnu' '--libexecdir=\${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--with-mailpath=/var/mail' '--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache' '--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop' '--enable-sidebar' '--enable-nntp' '--enable-notmuch' '--disable-fmemopen' '--with-curses' '--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster' '--with-sasl' '--without-gdbm' '--without-bdb' '--without-qdbm' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/mutt-eJ8cNY/mutt-1.7.0=. -fPIE -fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2 -fdebug-prefix-map=/build/mutt-eJ8cNY/mutt-1.7.0=. -fPIE -fstack-protector-strong -Wformat -Werror=format-security Compile options: +CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME +DEBUG +DL_STANDALONE +ENABLE_NLS -EXACT_ADDRESS -HOMESPOOL -LOCALES_HACK -SUN_ATTACHMENT +HAVE_BKGDSET +HAVE_COLOR +HAVE_CURS_SET +HAVE_GETADDRINFO +HAVE_GETSID +HAVE_ICONV +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR +HAVE_LIBIDN +HAVE_META +HAVE_REGCOMP +HAVE_RESIZETERM +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_WC_FUNCS +ICONV_NONTRANS +USE_COMPRESSED +USE_DOTLOCK +USE_FCNTL -USE_FLOCK -USE_FMEMOPEN -USE_GNU_REGEX +USE_GSS +USE_HCACHE +USE_IMAP +USE_NOTMUCH +USE_NNTP +USE_POP +USE_SASL +USE_SETGID +USE_SIDEBAR +USE_SMTP +USE_SSL_GNUTLS -USE_SSL_OPENSSL -DOMAIN MIXMASTER="mixmaster" -ISPELL SENDMAIL="/usr/sbin/sendmail" MAILPATH="/var/mail" PKGDATADIR="/usr/share/mutt" SYSCONFDIR="/etc" EXECSHELL="/bin/sh" patch-attach-headers-color-neomutt patch-compress-neomutt patch-cond-date-neomutt patch-encrypt-to-self-neomutt patch-fmemopen-neomutt patch-forgotten-attachments-neomutt patch-ifdef-neomutt patch-index-color-neomutt patch-initials-neomutt patch-keywords-neomutt patch-limit-current-thread-neomutt patch-lmdb-neomutt patch-multiple-fcc-neomutt patch-nested-if-neomutt patch-new-mail-neomutt patch-nntp-neomutt patch-notmuch-neomutt patch-progress-neomutt