Problema ao verificar mensagens S / MIME com Mutt

3

Estou com problemas para verificar algumas mensagens S / MIME no Mutt.

Primeiro, alguns antecedentes

$ mutt -v
Mutt 1.5.21 (2010-09-15)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type 'mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type 'mutt -vv' for details.

System: Linux 2.6.40.4-5.fc15.i686 (i686)
ncurses: ncurses 5.8.20110319 (compiled with 5.8)
libidn: 1.19 (compiled with 1.19)
hcache backend: tokyocabinet 1.4.46
Compile options:
-DOMAIN
-DEBUG
-HOMESPOOL  -USE_SETGID  -USE_DOTLOCK  -DL_STANDALONE  +USE_FCNTL  -USE_FLOCK   
+USE_POP  +USE_IMAP  +USE_SMTP  
-USE_SSL_OPENSSL  +USE_SSL_GNUTLS  +USE_SASL  +USE_GSS  +HAVE_GETADDRINFO  
+HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  -CRYPT_BACKEND_GPGME  
-EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE  
ISPELL="/usr/bin/hunspell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
To contact the developers, please mail to <[email protected]>.
To report a bug, please visit http://bugs.mutt.org/.

e Openssl: OpenSSL 1.0.0e-fips 6 Sep 2011

Estou usando o smime.rc empacotado com o Mutt.

Para o problema

[-- OpenSSL output follows (current time: Mon 26 Sep 2011 01:07:18 PM CDT) --]
Verification failure 30686:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:245:Verify error:unable to get issuer certificate
[-- End of OpenSSL output --]

AFAIK, isso acontece quando o certificado pertencente à CA que assinou o certificado do remetente do e-mail não está em .smime/ca-bundle.crt

Então, para resolver o problema, localizo o certificado que pertence a essa pessoa, já capturado pelo Mutt usando ^ K:

$ openssl x509 -in 5c400f68.0 -subject -issuer -out /dev/null
subject= /C=US/O=U.S. Government/OU=ECA/OU=VeriSign, Inc./OU=**REDACTED**/CN=**REDACTED**
issuer= /C=US/O=U.S. Government/OU=ECA/OU=Certification Authorities/CN=VeriSign Client External Certification Authority - G2

Parece que tenho o certificado no meu arquivo raiz:

$ grep 'VeriSign Client External Certification Authority - G2'  ca-bundle.crt 
Subject: C=US, O=U.S. Government, OU=ECA, OU=Certification Authorities, CN=VeriSign Client External Certification Authority - G2
    
por JeffG 26.09.2011 / 20:21

0 respostas

Tags