使用 Mutt 验证 S/MIME 邮件时出现问题

tag-icon tag-icon mutt openssl
使用 Mutt 验证 S/MIME 邮件时出现问题

我在验证时遇到问题一些Mutt 中的 S/MIME 消息。

首先介绍一下背景

$ mutt -v
Mutt 1.5.21 (2010-09-15)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 2.6.40.4-5.fc15.i686 (i686)
ncurses: ncurses 5.8.20110319 (compiled with 5.8)
libidn: 1.19 (compiled with 1.19)
hcache backend: tokyocabinet 1.4.46
Compile options:
-DOMAIN
-DEBUG
-HOMESPOOL  -USE_SETGID  -USE_DOTLOCK  -DL_STANDALONE  +USE_FCNTL  -USE_FLOCK   
+USE_POP  +USE_IMAP  +USE_SMTP  
-USE_SSL_OPENSSL  +USE_SSL_GNUTLS  +USE_SASL  +USE_GSS  +HAVE_GETADDRINFO  
+HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  -CRYPT_BACKEND_GPGME  
-EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE  
ISPELL="/usr/bin/hunspell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
To contact the developers, please mail to <[email protected]>.
To report a bug, please visit http://bugs.mutt.org/.

和 Openssl:OpenSSL 1.0.0e-fips 6 Sep 2011

我正在使用smime.rc与 Mutt 捆绑的产品。

问题

[-- OpenSSL output follows (current time: Mon 26 Sep 2011 01:07:18 PM CDT) --]
Verification failure 30686:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:245:Verify error:unable to get issuer certificate
[-- End of OpenSSL output --]

据我所知,这种情况发生在属于加州签名的电子邮件发件人证书不在.smime/ca-bundle.crt

因此,为了进一步解决这个问题,我找到了属于这个人的证书,该证书已经使用 ^K 从 Mutt 中获取:

$ openssl x509 -in 5c400f68.0 -subject -issuer -out /dev/null
subject= /C=US/O=U.S. Government/OU=ECA/OU=VeriSign, Inc./OU=**REDACTED**/CN=**REDACTED**
issuer= /C=US/O=U.S. Government/OU=ECA/OU=Certification Authorities/CN=VeriSign Client External Certification Authority - G2

我似乎在我的根文件中有该证书:

$ grep 'VeriSign Client External Certification Authority - G2'  ca-bundle.crt 
Subject: C=US, O=U.S. Government, OU=ECA, OU=Certification Authorities, CN=VeriSign Client External Certification Authority - G2

相关内容