From 0d75d71a6f1b6a8a24ccb7fe4e6a9889b4ff8b0b Mon Sep 17 00:00:00 2001
From: Kevin McCarthy
Date: Sat, 13 Apr 2024 13:22:11 +0800
Subject: Add $smime_pkcs7_default_smime_type config option.
This works around Outlook sending application/pkcs7-mime ".p7m" parts without a smime-type parameter. Mutt previously hardcoded an assumption that these were SignedData to work around an old Outlook book. However Outlook now appears to also send EnvelopedData in this form.
---
 contrib/smime.rc | 8 ++++++++
 crypt.c | 11 ++++++++---
 globals.h | 1 +
 init.h | 14 ++++++++++++++
 4 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/contrib/smime.rc b/contrib/smime.rc
index 05c4dffc..dfcd13ea 100644
--- a/contrib/smime.rc
+++ b/contrib/smime.rc
@@ -104,6 +104,14 @@ set smime_verify_opaque_command="\
 openssl smime -verify -inform DER -in %s %C || \
 openssl smime -verify -inform DER -in %s -noverify 2>/dev/null"
+# application/pkcs7-mime ".p7m" messages should have a smime-type
+# parameter to tell Mutt whether it's signed or encrypted data.
+#
+# If the parameter is missing, Mutt by default assumes it's SignedData.
+# This can be used to change Mutt's assumption to EnvelopedData (encrypted).
+#
+# set smime_pkcs7_default_smime_type="enveloped"
+
 # Section D: Alternatives
diff --git a/crypt.c b/crypt.c
index a9f7089d..245a7d2a 100644
--- a/crypt.c
+++ b/crypt.c
@@ -610,9 +610,14 @@ int mutt_is_application_smime (BODY *m)
 {
 len++;
 if (!ascii_strcasecmp ((t+len), "p7m"))
- /* Not sure if this is the correct thing to do, but
- it's required for compatibility with Outlook */
- return (SMIMESIGN|SMIMEOPAQUE);
+ {
+ if (!ascii_strcasecmp (SmimePkcs7DefaultSmimeType, "signed"))
+ return (SMIMESIGN|SMIMEOPAQUE);
+ else if (!ascii_strcasecmp (SmimePkcs7DefaultSmimeType, "enveloped"))
+ return SMIMEENCRYPT;
+ else
+ return 0;
+ }
 else if (!ascii_strcasecmp ((t+len), "p7s"))
 return (SMIMESIGN|SMIMEOPAQUE);
 }
diff --git a/globals.h b/globals.h
index 06ce410e..631f88a6 100644
--- a/globals.h
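Review bot: The final `else return 0;` in the new "p7m" branch of mutt_is_application_smime (crypt.c hunk) means any value of $smime_pkcs7_default_smime_type other than "signed" or "enveloped" (a typo, an empty string, presumably also an unset option) silently stops these parts being classified as S/MIME, where the old code always returned `(SMIMESIGN|SMIMEOPAQUE)`. Nothing visible in this commit validates the string when it is set, so a misspelled setting gives no hint that signature verification and decryption are no longer offered for such messages. I would keep the previous behaviour as the fallback, `else return (SMIMESIGN|SMIMEOPAQUE);`, or reject unknown values at set time; if returning 0 is meant as a way to switch the heuristic off, that should be stated in the option's documentation. The function body starts and ends outside the hunk.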
+++ b/globals.h
@@ -311,6 +311,7 @@ WHERE char *SmimeSignOpaqueCommand;
 WHERE char *SmimeEncryptCommand;
 WHERE char *SmimeGetSignerCertCommand;
 WHERE char *SmimePk7outCommand;
+WHERE char *SmimePkcs7DefaultSmimeType;
 WHERE char *SmimeGetCertCommand;
 WHERE char *SmimeImportCertCommand;
 WHERE char *SmimeGetCertEmailCommand;
diff --git a/init.h b/init.h
index b0651c28..5e15a3e3 100644
--- a/init.h
+++ b/init.h
@@ -4016,6 +4016,20 @@ struct option_t MuttVars[] = {
 ** edited. This option points to the location of the private keys.
 ** (S/MIME only)
 */
+ { "smime_pkcs7_default_smime_type", DT_STR, R_NONE, {.p=&SmimePkcs7DefaultSmimeType}, {.p="signed"} },
+ /*
+ ** .pp
+ ** The application/pkcs7-mime ``.p7m'' type can contain EnvelopedData
+ ** (encrypted) or SignedData. Senders should add a ``smime-type''
+ ** parameter to the content type, to help receiving MUAs correctly
+ ** handle the data. Unfortunately, some clients (e.g. Outlook)
+ ** don't add this parameter.
+ ** .pp
+ ** This option is used to determine which type to assume when the
+ ** ``smime-type'' parameter is missing for ``.p7m'' file types.
+ ** .pp
+ ** Accepted values are ``enveloped'' and ``signed''.
+ */
 { "smime_pk7out_command", DT_STR, R_NONE, {.p=&SmimePk7outCommand}, {.p=0} },
 /*
 ** .pp
--
cgit v1.2.3
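Review bot: The new option text in the init.h hunk lists the accepted values but does not say what happens with any other value. Per the crypt.c hunk of this commit, mutt_is_application_smime then returns 0 for such a part, so it is not handled as S/MIME at all. The text also leaves out that the setting is global: with "enveloped", every ".p7m" part lacking the smime-type parameter is classified as encrypted, including opaque-signed ones from senders with the same omission. I would add a closing doc line such as `** Any other value causes such parts not to be handled as S/MIME.` and one sentence on that trade-off.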