• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item6948: S/MIME notification support is incomplete

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine Several Normal Closed   major 6.0.0

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

Corresponding proposal at TWiki:Codev/SmimeUpgrade.

When I initially implemented S/MIME signatures for TWiki notification support, there were some limitations.

They can now be lifted.

Specifically:

  • Net::SMTP can now be used as a mailer for S/MIME
  • The Configure GUI checks certificates and private keys to reduce the opportunity for configuration errors.
  • DES3-encrypted private key files can be used to store keys used to send mail.

This checkin also includes in tools/ scripts used to run web statistics and mail notify on my sites. This is related to S/MIME in that they use the S/MIME certificate/keys for mail notify, and for authentication (X509Plugin) on client certficate controlled websites. (They don't require this, however.) They were posted on twiki.org some years ago, but have been updated to support encrypted passwords when running mailnotify. I'm including them in the MANIFEST for the core and recomend their use on all sites. However, for now I'm not updating the install docs.

For compatibility with behavior of another wiki, certificate problems will now cause notifications to be sent unsigned. These events are logged as warnings. I think this is bad behavior, but we can adjust it (or add yet another config knob to die in such cases) later.

-- TWiki:Main/TimotheLitt - 2012-09-30

Checked-in, remaining action is up to others.

The checkin included some apparently "unused" files; this was intentional, as they are related to the checker and will be used momentarily.

-- TWiki:Main.TimotheLitt - 2012-09-30

Release Note:

This release upgrades support for TWiki-initated Signed (secure)email.

Signed notifications (still) require the CPAN:Crypt::SMIME module. If it is not installed, Configure will now complain, but each email sent will still generate an entry in the warning log. In this case, the email will be sent unsigned. Don't do that.

Configure will verify the certificate and key file contents if CPAN:Crypt::X509 and CPAN:Convert::PEM are installed. This is highly recommended, as they can detect configuration errors that even experts have been known to make. If theses modules are not present, Configure will recommend them, but for compatability with any existing installations, their absence will not prevent signed email from being sent. (If the files are OK).

If signed e-mail is not in use (both the certificate and key file configuration items are empty), none of these CPAN modules need to be installed.

DES3-encrypted private key files can now be used to store keys used to send mail. We recommend encrypting private key files, even though the password is stored in plaintext in the TWiki configuration file.

-- TWiki:Main.TimotheLitt - 2012-10-01

Thank you Timothe!

-- TWiki:Main.PeterThoeny - 2012-10-10

ItemTemplate
Summary S/MIME notification support is incomplete
ReportedBy TWiki:Main.TimotheLitt
Codebase ~twiki4
SVN Range TWiki-5.1.1-trunk, Fri, 28 Sep 2012, build 23444
AppliesTo Engine
Component Several
Priority Normal
CurrentState Closed
WaitingFor

Checkins TWikirev:23445 TWikirev:23446 TWikirev:23453 TWikirev:23454 TWikirev:23455 TWikirev:23457 TWikirev:23458 TWikirev:23459 TWikirev:23460
TargetRelease major
ReleasedIn 6.0.0
Edit | Attach | Watch | Print version | History: r18 < r17 < r16 < r15 < r14 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r18 - 2013-10-15 - PeterThoeny
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback