Hi Albrecht: On 10/10/2019 02:32:56 PM Thu, Albrecht Dreß wrote:
Hi all, attached is a patch which adds displaying certificate chains for TLS and S/MIME. Actually, this has been a requirement at work, where I use balsa… The patch addresses the following: S/MIME signatures: Currently, Balsa shows the certificate data and the issuer's name, serial and chain id. It is not possible to view the entire certification chain. The patch adds a button to the issuer section of a S/MIME signature, which opens a new dialogue, showing the certification tree in the upper and the details of the selected certificate in the lower part. I.e. it is now possible to inspect/verify the whole tree, up to the root certificate. If you have any S/MIME signed messages in a mailbox, you can simply test this feature. TLS: When opening an encrypted SMTP, POP3 or IMAP connection, balsa shows a dialogue with the untrusted certificate, asking whether the user accepts or rejects it. With the patch, if the untrusted certificate is not self-signed and the issuer certificate(s) can be loaded, the whole chain is displayed as above for inspection. For testing, you could temporarily disable the trust for your provider's root certificate, which should pop up the modified dialogue. I order to clean up the code, I shifted all stuff for creating the "certificate display widget" (potentially using GCR) from libbalsa.c (which is crowded anyway) into a new source file. Oh, and I added a SHA256 fingerprint for our own (non-GCR) certificate widget – SHA1 is actually not secure any more these days. Any opinions? Cheers, Albrecht.
Thanks, as always, for the patch! …and apologies for the delay in handling it. Looks good to me, pushed to GitLab. To my shame, I omitted crediting you as the author🤐️ Is there a way to retrospectively fix that? I can't find one🙄️ Peter
Attachment:
pgpodFKM0CUJs.pgp
Description: PGP signature