- ** .dt trust .dd sort by the trust of the key
- ** .de
- ** .pp
- ** If you prefer reverse order of the above values, prefix it with
- ** `reverse-'.
- ** (PGP only)
- */
- { "pgp_mime_auto", DT_QUAD, R_NONE, OPT_PGPMIMEAUTO, M_ASKYES },
- /*
- ** .pp
- ** This option controls whether Mutt will prompt you for
- ** automatically sending a (signed/encrypted) message using
- ** PGP/MIME when inline (traditional) fails (for any reason).
- ** .pp
- ** Also note that using the old-style PGP message format is \fBstrongly\fP
- ** \fBdeprecated\fP.
- ** (PGP only)
- */
- { "pgp_auto_decode", DT_BOOL, R_NONE, OPTPGPAUTODEC, 0 },
- /*
- ** .pp
- ** If set, mutt will automatically attempt to decrypt traditional PGP
- ** messages whenever the user performs an operation which ordinarily would
- ** result in the contents of the message being operated on. For example,
- ** if the user displays a pgp-traditional message which has not been manually
- ** checked with the check-traditional-pgp function, mutt will automatically
- ** check the message for traditional pgp.
- */
-
-
- /* XXX Default values! */
-
- { "pgp_decode_command", DT_STR, R_NONE, UL &PgpDecodeCommand, 0},
- /*
- ** .pp
- ** This format strings specifies a command which is used to decode
- ** application/pgp attachments.
- ** .pp
- ** The PGP command formats have their own set of printf-like sequences:
- ** .pp
- ** .dl
- ** .dt %p .dd Expands to PGPPASSFD=0 when a pass phrase is needed, to an empty
- ** string otherwise. Note: This may be used with a %? construct.
- ** .dt %f .dd Expands to the name of a file containing a message.
- ** .dt %s .dd Expands to the name of a file containing the signature part
- ** . of a multipart/signed attachment when verifying it.
- ** .dt %a .dd The value of $$pgp_sign_as.
- ** .dt %r .dd One or more key IDs.
- ** .de
- ** .pp
- ** For examples on how to configure these formats for the various versions
- ** of PGP which are floating around, see the pgp*.rc and gpg.rc files in
- ** the samples/ subdirectory which has been installed on your system
- ** alongside the documentation.
- ** (PGP only)
- */
- { "pgp_getkeys_command", DT_STR, R_NONE, UL &PgpGetkeysCommand, 0},
- /*
- ** .pp
- ** This command is invoked whenever mutt will need public key information.
- ** %r is the only printf-like sequence used with this format.
- ** (PGP only)
- */
- { "pgp_verify_command", DT_STR, R_NONE, UL &PgpVerifyCommand, 0},
- /*
- ** .pp
- ** This command is used to verify PGP signatures.
- ** (PGP only)
- */
- { "pgp_decrypt_command", DT_STR, R_NONE, UL &PgpDecryptCommand, 0},
- /*
- ** .pp
- ** This command is used to decrypt a PGP encrypted message.
- ** (PGP only)
- */
- { "pgp_clearsign_command", DT_STR, R_NONE, UL &PgpClearSignCommand, 0 },
- /*
- ** .pp
- ** This format is used to create a old-style "clearsigned" PGP
- ** message. Note that the use of this format is \fBstrongly\fP
- ** \fBdeprecated\fP.
- ** (PGP only)
- */
- { "pgp_sign_command", DT_STR, R_NONE, UL &PgpSignCommand, 0},
- /*
- ** .pp
- ** This command is used to create the detached PGP signature for a
- ** multipart/signed PGP/MIME body part.
- ** (PGP only)
- */
- { "pgp_encrypt_sign_command", DT_STR, R_NONE, UL &PgpEncryptSignCommand, 0},
- /*
- ** .pp
- ** This command is used to both sign and encrypt a body part.
- ** (PGP only)
- */
- { "pgp_encrypt_only_command", DT_STR, R_NONE, UL &PgpEncryptOnlyCommand, 0},
- /*
- ** .pp
- ** This command is used to encrypt a body part without signing it.
- ** (PGP only)
- */
- { "pgp_import_command", DT_STR, R_NONE, UL &PgpImportCommand, 0},
- /*
- ** .pp
- ** This command is used to import a key from a message into
- ** the user's public key ring.
- ** (PGP only)
- */
- { "pgp_export_command", DT_STR, R_NONE, UL &PgpExportCommand, 0},
- /*
- ** .pp
- ** This command is used to export a public key from the user's
- ** key ring.
- ** (PGP only)
- */
- { "pgp_verify_key_command", DT_STR, R_NONE, UL &PgpVerifyKeyCommand, 0},
- /*
- ** .pp
- ** This command is used to verify key information from the key selection
- ** menu.
- ** (PGP only)
- */
- { "pgp_list_secring_command", DT_STR, R_NONE, UL &PgpListSecringCommand, 0},
- /*
- ** .pp
- ** This command is used to list the secret key ring's contents. The
- ** output format must be analogous to the one used by
- ** gpg --list-keys --with-colons.
- ** .pp
- ** This format is also generated by the pgpring utility which comes
- ** with mutt.
- ** (PGP only)
- */
- { "pgp_list_pubring_command", DT_STR, R_NONE, UL &PgpListPubringCommand, 0},
- /*
- ** .pp
- ** This command is used to list the public key ring's contents. The
- ** output format must be analogous to the one used by
- ** gpg --list-keys --with-colons.
- ** .pp
- ** This format is also generated by the pgpring utility which comes
- ** with mutt.
- ** (PGP only)
- */
- { "forward_decrypt", DT_BOOL, R_NONE, OPTFORWDECRYPT, 1 },
- /*
- ** .pp
- ** Controls the handling of encrypted messages when forwarding a message.
- ** When set, the outer layer of encryption is stripped off. This
- ** variable is only used if ``$$mime_forward'' is \fIset\fP and
- ** ``$$mime_forward_decode'' is \fIunset\fP.
- ** (PGP only)
- */
- { "forw_decrypt", DT_SYN, R_NONE, UL "forward_decrypt", 0 },
- /*
- */
-
- { "smime_timeout", DT_NUM, R_NONE, UL &SmimeTimeout, 300 },
- /*
- ** .pp
- ** The number of seconds after which a cached passphrase will expire if
- ** not used.
- ** (S/MIME only)
- */
- { "smime_encrypt_with", DT_STR, R_NONE, UL &SmimeCryptAlg, 0 },
- /*
- ** .pp
- ** This sets the algorithm that should be used for encryption.
- ** Valid choices are "des", "des3", "rc2-40", "rc2-64", "rc2-128".
- ** If unset "3des" (TripleDES) is used.
- ** (S/MIME only)
- */
- { "smime_keys", DT_PATH, R_NONE, UL &SmimeKeys, 0 },
- /*
- ** .pp
- ** Since there is no pubring/secring as with PGP, mutt has to handle
- ** storage ad retrieval of keys/certs by itself. This is very basic right now,
- ** and stores keys and certificates in two different directories, both
- ** named as the hash-value retrieved from OpenSSL. There is an index file
- ** which contains mailbox-address keyid pair, and which can be manually
- ** edited. This one points to the location of the private keys.
- ** (S/MIME only)
- */
- { "smime_ca_location", DT_PATH, R_NONE, UL &SmimeCALocation, 0 },
- /*
- ** .pp
- ** This variable contains the name of either a directory, or a file which
- ** contains trusted certificates for use with OpenSSL.
- ** (S/MIME only)
- */
- { "smime_certificates", DT_PATH, R_NONE, UL &SmimeCertificates, 0 },
- /*
- ** .pp
- ** Since there is no pubring/secring as with PGP, mutt has to handle
- ** storage and retrieval of keys by itself. This is very basic right
- ** now, and keys and certificates are stored in two different
- ** directories, both named as the hash-value retrieved from
- ** OpenSSL. There is an index file which contains mailbox-address
- ** keyid pairs, and which can be manually edited. This one points to
- ** the location of the certificates.
- ** (S/MIME only)
- */
- { "smime_decrypt_command", DT_STR, R_NONE, UL &SmimeDecryptCommand, 0},
- /*
- ** .pp
- ** This format string specifies a command which is used to decrypt
- ** application/x-pkcs7-mime attachments.
- ** .pp
- ** The OpenSSL command formats have their own set of printf-like sequences
- ** similar to PGP's:
- ** .pp
- ** .dl
- ** .dt %f .dd Expands to the name of a file containing a message.
- ** .dt %s .dd Expands to the name of a file containing the signature part
- ** . of a multipart/signed attachment when verifying it.
- ** .dt %k .dd The key-pair specified with $$smime_default_key
- ** .dt %c .dd One or more certificate IDs.
- ** .dt %a .dd The algorithm used for encryption.
- ** .dt %C .dd CA location: Depending on whether $$smime_ca_location
- ** . points to a directory or file, this expands to
- ** . "-CApath $$smime_ca_location" or "-CAfile $$smime_ca_location".
- ** .de
- ** .pp
- ** For examples on how to configure these formats, see the smime.rc in
- ** the samples/ subdirectory which has been installed on your system
- ** alongside the documentation.
- ** (S/MIME only)
- */
- { "smime_verify_command", DT_STR, R_NONE, UL &SmimeVerifyCommand, 0},
- /*
- ** .pp
- ** This command is used to verify S/MIME signatures of type multipart/signed.
- ** (S/MIME only)
- */
- { "smime_verify_opaque_command", DT_STR, R_NONE, UL &SmimeVerifyOpaqueCommand, 0},
- /*
- ** .pp
- ** This command is used to verify S/MIME signatures of type
- ** application/x-pkcs7-mime.
- ** (S/MIME only)
- */
- { "smime_sign_command", DT_STR, R_NONE, UL &SmimeSignCommand, 0},
- /*
- ** .pp
- ** This command is used to created S/MIME signatures of type
- ** multipart/signed, which can be read by all mail clients.
- ** (S/MIME only)
- */
- { "smime_sign_opaque_command", DT_STR, R_NONE, UL &SmimeSignOpaqueCommand, 0},
- /*
- ** .pp
- ** This command is used to created S/MIME signatures of type
- ** application/x-pkcs7-signature, which can only be handled by mail
- ** clients supporting the S/MIME extension.
- ** (S/MIME only)
- */
- { "smime_encrypt_command", DT_STR, R_NONE, UL &SmimeEncryptCommand, 0},
- /*
- ** .pp
- ** This command is used to create encrypted S/MIME messages.
- ** (S/MIME only)
- */
- { "smime_pk7out_command", DT_STR, R_NONE, UL &SmimePk7outCommand, 0},
- /*
- ** .pp
- ** This command is used to extract PKCS7 structures of S/MIME signatures,
- ** in order to extract the public X509 certificate(s).
- ** (S/MIME only)
- */
- { "smime_get_cert_command", DT_STR, R_NONE, UL &SmimeGetCertCommand, 0},
- /*
- ** .pp
- ** This command is used to extract X509 certificates from a PKCS7 structure.
- ** (S/MIME only)
- */
- { "smime_get_signer_cert_command", DT_STR, R_NONE, UL &SmimeGetSignerCertCommand, 0},
- /*
- ** .pp
- ** This command is used to extract only the signers X509 certificate from a S/MIME
- ** signature, so that the certificate's owner may get compared to the
- ** email's 'From'-field.
- ** (S/MIME only)
- */
- { "smime_import_cert_command", DT_STR, R_NONE, UL &SmimeImportCertCommand, 0},
- /*
- ** .pp
- ** This command is used to import a certificate via smime_keys.
- ** (S/MIME only)
- */
- { "smime_get_cert_email_command", DT_STR, R_NONE, UL &SmimeGetCertEmailCommand, 0},
- /*
- ** .pp
- ** This command is used to extract the mail address(es) used for storing
- ** X509 certificates, and for verification purposes (to check whether the
- ** certificate was issued for the sender's mailbox).
- ** (S/MIME only)
- */
- { "smime_sign_as", DT_SYN, R_NONE, UL "smime_default_key", 0 },
- { "smime_default_key", DT_STR, R_NONE, UL &SmimeDefaultKey, 0 },
- /*
- ** .pp
- ** This is the default key-pair to use for signing. This must be set to the
- ** keyid (the hash-value that OpenSSL generates) to work properly
- ** (S/MIME only)
- */
-
-#if defined(USE_SSL)
-#ifdef USE_SSL_OPENSSL
- { "ssl_client_cert", DT_PATH, R_NONE, UL &SslClientCert, 0 },
- /*
- ** .pp
- ** The file containing a client certificate and its associated private
- ** key.
- */
-#endif /* USE_SSL_OPENSSL */
- { "ssl_force_tls", DT_BOOL, R_NONE, OPTSSLFORCETLS, 0 },
- /*
- ** .pp
- ** If this variable is set, Mutt will require that all connections
- ** to remote servers be encrypted. Furthermore it will attempt to
- ** negotiate TLS even if the server does not advertise the capability,
- ** since it would otherwise have to abort the connection anyway. This
- ** option supersedes ``$$ssl_starttls''.
- */
- { "ssl_starttls", DT_QUAD, R_NONE, OPT_SSLSTARTTLS, M_YES },
- /*
- ** .pp
- ** If set (the default), mutt will attempt to use STARTTLS on servers
- ** advertising the capability. When unset, mutt will not attempt to
- ** use STARTTLS regardless of the server's capabilities.
- */
- { "certificate_file", DT_PATH, R_NONE, UL &SslCertFile, UL "~/.mutt_certificates" },
- /*
- ** .pp
- ** This variable specifies the file where the certificates you trust
- ** are saved. When an unknown certificate is encountered, you are asked
- ** if you accept it or not. If you accept it, the certificate can also
- ** be saved in this file and further connections are automatically
- ** accepted.
- ** .pp
- ** You can also manually add CA certificates in this file. Any server
- ** certificate that is signed with one of these CA certificates are
- ** also automatically accepted.
- ** .pp
- ** Example: set certificate_file=~/.mutt/certificates
- */
-# ifdef USE_SSL_OPENSSL
- { "ssl_usesystemcerts", DT_BOOL, R_NONE, OPTSSLSYSTEMCERTS, 1 },
- /*
- ** .pp
- ** If set to \fIyes\fP, mutt will use CA certificates in the
- ** system-wide certificate store when checking if server certificate
- ** is signed by a trusted CA.
- */
- { "entropy_file", DT_PATH, R_NONE, UL &SslEntropyFile, 0 },
- /*
- ** .pp
- ** The file which includes random data that is used to initialize SSL
- ** library functions.
- */
- { "ssl_use_sslv2", DT_BOOL, R_NONE, OPTSSLV2, 1 },
- /*