[rescue] S/MIME and mutt
Phil Stracchino
phils at caerllewys.net
Sat Jul 19 20:14:40 UTC 2025
On 7/19/25 16:04, Stuff Received via rescue wrote:
> On 2025-07-19 12:57, Phil Stracchino via rescue wrote:
>> On 7/18/25 13:09, Patrick Giagnocavo wrote:
>>> Can you use a command line client like openssl s_client to check the
>>> certificates? If a chained certificate it has to have the intermediate
>>> certificate in a particular order.
>>
>>
>> The certificate is known good. What I've been unable to determine is
>> why mutt, specifically, seems to be unable to validate it.
>
> I found the following instructions for using mutt with S/MIME certs:
>
> https://whirlpool.u.blinkenshell.org/pages/using-mutt-and-smime-for-encrypted-mails.html
Yeah, I already found that too. It didn't help. Not least because it's
for mutt 1.5 and references configuration variables that don't exist.
> You wrote that mutt is unable to validate the cert. Do you know the
> cert chain back to a trusted pubkey?
I haven't tried manually validating the cert myself using other tools,
but I know it to be working for other people, the sender is a FAR higher
level cryptography geek than I, and IN THEORY I have correctly
configured gpg (and gpgsm) with the correct CA bundles and told it to
trust them. But mutt just isn't giving me enough *information* to know
at what point validation is failing.
I've also tried neomutt, which I had hoped would be better. In
practice, it seems to be worse; neomutt fails to recognize even many of
the pgp_* configuration lines that work fine in regular mutt.
Perhaps what I really need is to replace mutt (for the couple of
mostly-system mailboxes I use it for) with some hypothetical mutt-*like*
mail client that has proper S/MIME support built in.
--
Phil Stracchino
Fenian House Publishing
phils at caerllewys.net
phil at co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
More information about the rescue
mailing list