[rescue] S/MIME and mutt

Stuff Received stuff at riddermarkfarm.ca
Sun Jul 20 00:43:08 UTC 2025 

On 2025-07-19 16:14, Phil Stracchino via rescue wrote:
> On 7/19/25 16:04, Stuff Received via rescue wrote:
>> On 2025-07-19 12:57, Phil Stracchino via rescue wrote:
>>> On 7/18/25 13:09, Patrick Giagnocavo wrote:
>>>> Can you use a command line client like openssl s_client to check the
>>>> certificates? If a chained certificate it has to have the intermediate
>>>> certificate in a particular order.
>>>
>>>
>>> The certificate is known good.  What I've been unable to determine is
>>> why mutt, specifically, seems to be unable to validate it.
>>
>> I found the following instructions for using mutt with S/MIME certs:
>>
>> https://whirlpool.u.blinkenshell.org/pages/using-mutt-and-smime-for-encrypted-mails.html
> 
> Yeah, I already found that too.  It didn't help.  Not least because it's 
> for mutt 1.5 and references configuration variables that don't exist.
>> You wrote that mutt is unable to validate the cert.  Do you know the
>> cert chain back to a trusted pubkey?
> I haven't tried manually validating the cert myself using other tools, 
> but I know it to be working for other people, the sender is a FAR higher 
> level cryptography geek than I, and IN THEORY I have correctly 
> configured gpg (and gpgsm) with the correct CA bundles and told it to 
> trust them.  But mutt just isn't giving me enough *information* to know 
> at what point validation is failing.

Without particulars, I think my help has run its course, Phil.  I have 
used mutt and I certainly have the crypto background but I never used 
mutt with S/MIME.

Does mutt 1.5 have a debug option?

Another option is put debug statements in the smime.c function to see 
where it fails.

S.

> 
> I've also tried neomutt, which I had hoped would be better.  In 
> practice, it seems to be worse; neomutt fails to recognize even many of 
> the pgp_* configuration lines that work fine in regular mutt.
> 
> Perhaps what I really need is to replace mutt (for the couple of 
> mostly-system mailboxes I use it for) with some hypothetical mutt-*like* 
> mail client that has proper S/MIME support built in.
> 
> 
> 
> 
> _______________________________________________
> rescue list - http://sunhelp.org/mailman/listinfo/rescue_sunhelp.org

More information about the rescue mailing list