- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_decrypt_command", DT_STR, R_NONE, UL &PgpDecryptCommand, 0},
- /*
- ** .pp
- ** This command is used to decrypt a PGP encrypted message.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_clearsign_command", DT_STR, R_NONE, UL &PgpClearSignCommand, 0 },
- /*
- ** .pp
- ** This format is used to create a old-style ``clearsigned'' PGP
- ** message. Note that the use of this format is \fBstrongly\fP
- ** \fBdeprecated\fP.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_sign_command", DT_STR, R_NONE, UL &PgpSignCommand, 0},
- /*
- ** .pp
- ** This command is used to create the detached PGP signature for a
- ** \fCmultipart/signed\fP PGP/MIME body part.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_encrypt_sign_command", DT_STR, R_NONE, UL &PgpEncryptSignCommand, 0},
- /*
- ** .pp
- ** This command is used to both sign and encrypt a body part.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_encrypt_only_command", DT_STR, R_NONE, UL &PgpEncryptOnlyCommand, 0},
- /*
- ** .pp
- ** This command is used to encrypt a body part without signing it.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_import_command", DT_STR, R_NONE, UL &PgpImportCommand, 0},
- /*
- ** .pp
- ** This command is used to import a key from a message into
- ** the user's public key ring.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_export_command", DT_STR, R_NONE, UL &PgpExportCommand, 0},
- /*
- ** .pp
- ** This command is used to export a public key from the user's
- ** key ring.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_verify_key_command", DT_STR, R_NONE, UL &PgpVerifyKeyCommand, 0},
- /*
- ** .pp
- ** This command is used to verify key information from the key selection
- ** menu.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_list_secring_command", DT_STR, R_NONE, UL &PgpListSecringCommand, 0},
- /*
- ** .pp
- ** This command is used to list the secret key ring's contents. The
- ** output format must be analogous to the one used by:
- ** .ts
- ** gpg --list-keys --with-colons.
- ** .te
- ** .pp
- ** This format is also generated by the \fCpgpring\fP utility which comes
- ** with mutt.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "pgp_list_pubring_command", DT_STR, R_NONE, UL &PgpListPubringCommand, 0},
- /*
- ** .pp
- ** This command is used to list the public key ring's contents. The
- ** output format must be analogous to the one used by
- ** .ts
- ** gpg --list-keys --with-colons.
- ** .te
- ** .pp
- ** This format is also generated by the \fCpgpring\fP utility which comes
- ** with mutt.
- ** .pp
- ** This is a format string, see the $$pgp_decode_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (PGP only)
- */
- { "forward_decrypt", DT_BOOL, R_NONE, OPTFORWDECRYPT, 1 },
- /*
- ** .pp
- ** Controls the handling of encrypted messages when forwarding a message.
- ** When \fIset\fP, the outer layer of encryption is stripped off. This
- ** variable is only used if $$mime_forward is \fIset\fP and
- ** $$mime_forward_decode is \fIunset\fP.
- ** (PGP only)
- */
- { "forw_decrypt", DT_SYN, R_NONE, UL "forward_decrypt", 0 },
- /*
- */
- { "smime_timeout", DT_NUM, R_NONE, UL &SmimeTimeout, 300 },
- /*
- ** .pp
- ** The number of seconds after which a cached passphrase will expire if
- ** not used.
- ** (S/MIME only)
- */
- { "smime_encrypt_with", DT_STR, R_NONE, UL &SmimeCryptAlg, 0 },
- /*
- ** .pp
- ** This sets the algorithm that should be used for encryption.
- ** Valid choices are ``des'', ``des3'', ``rc2-40'', ``rc2-64'', ``rc2-128''.
- ** If \fIunset\fP, ``3des'' (TripleDES) is used.
- ** (S/MIME only)
- */
- { "smime_keys", DT_PATH, R_NONE, UL &SmimeKeys, 0 },
- /*
- ** .pp
- ** Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle
- ** storage and retrieval of keys/certs by itself. This is very basic right now,
- ** and stores keys and certificates in two different directories, both
- ** named as the hash-value retrieved from OpenSSL. There is an index file
- ** which contains mailbox-address keyid pair, and which can be manually
- ** edited. This option points to the location of the private keys.
- ** (S/MIME only)
- */
- { "smime_ca_location", DT_PATH, R_NONE, UL &SmimeCALocation, 0 },
- /*
- ** .pp
- ** This variable contains the name of either a directory, or a file which
- ** contains trusted certificates for use with OpenSSL.
- ** (S/MIME only)
- */
- { "smime_certificates", DT_PATH, R_NONE, UL &SmimeCertificates, 0 },
- /*
- ** .pp
- ** Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle
- ** storage and retrieval of keys by itself. This is very basic right
- ** now, and keys and certificates are stored in two different
- ** directories, both named as the hash-value retrieved from
- ** OpenSSL. There is an index file which contains mailbox-address
- ** keyid pairs, and which can be manually edited. This option points to
- ** the location of the certificates.
- ** (S/MIME only)
- */
- { "smime_decrypt_command", DT_STR, R_NONE, UL &SmimeDecryptCommand, 0},
- /*
- ** .pp
- ** This format string specifies a command which is used to decrypt
- ** \fCapplication/x-pkcs7-mime\fP attachments.
- ** .pp
- ** The OpenSSL command formats have their own set of \fCprintf(3)\fP-like sequences
- ** similar to PGP's:
- ** .dl
- ** .dt %f .dd Expands to the name of a file containing a message.
- ** .dt %s .dd Expands to the name of a file containing the signature part
- ** . of a \fCmultipart/signed\fP attachment when verifying it.
- ** .dt %k .dd The key-pair specified with $$smime_default_key
- ** .dt %c .dd One or more certificate IDs.
- ** .dt %a .dd The algorithm used for encryption.
- ** .dt %C .dd CA location: Depending on whether $$smime_ca_location
- ** . points to a directory or file, this expands to
- ** . ``-CApath $$smime_ca_location'' or ``-CAfile $$smime_ca_location''.
- ** .de
- ** .pp
- ** For examples on how to configure these formats, see the \fCsmime.rc\fP in
- ** the \fCsamples/\fP subdirectory which has been installed on your system
- ** alongside the documentation.
- ** (S/MIME only)
- */
- { "smime_verify_command", DT_STR, R_NONE, UL &SmimeVerifyCommand, 0},
- /*
- ** .pp
- ** This command is used to verify S/MIME signatures of type \fCmultipart/signed\fP.
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_verify_opaque_command", DT_STR, R_NONE, UL &SmimeVerifyOpaqueCommand, 0},
- /*
- ** .pp
- ** This command is used to verify S/MIME signatures of type
- ** \fCapplication/x-pkcs7-mime\fP.
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_sign_command", DT_STR, R_NONE, UL &SmimeSignCommand, 0},
- /*
- ** .pp
- ** This command is used to created S/MIME signatures of type
- ** \fCmultipart/signed\fP, which can be read by all mail clients.
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_sign_opaque_command", DT_STR, R_NONE, UL &SmimeSignOpaqueCommand, 0},
- /*
- ** .pp
- ** This command is used to created S/MIME signatures of type
- ** \fCapplication/x-pkcs7-signature\fP, which can only be handled by mail
- ** clients supporting the S/MIME extension.
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_encrypt_command", DT_STR, R_NONE, UL &SmimeEncryptCommand, 0},
- /*
- ** .pp
- ** This command is used to create encrypted S/MIME messages.
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_pk7out_command", DT_STR, R_NONE, UL &SmimePk7outCommand, 0},
- /*
- ** .pp
- ** This command is used to extract PKCS7 structures of S/MIME signatures,
- ** in order to extract the public X509 certificate(s).
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_get_cert_command", DT_STR, R_NONE, UL &SmimeGetCertCommand, 0},
- /*
- ** .pp
- ** This command is used to extract X509 certificates from a PKCS7 structure.
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_get_signer_cert_command", DT_STR, R_NONE, UL &SmimeGetSignerCertCommand, 0},
- /*
- ** .pp
- ** This command is used to extract only the signers X509 certificate from a S/MIME
- ** signature, so that the certificate's owner may get compared to the
- ** email's ``From:'' field.
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_import_cert_command", DT_STR, R_NONE, UL &SmimeImportCertCommand, 0},
- /*
- ** .pp
- ** This command is used to import a certificate via smime_keys.
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_get_cert_email_command", DT_STR, R_NONE, UL &SmimeGetCertEmailCommand, 0},
- /*
- ** .pp
- ** This command is used to extract the mail address(es) used for storing
- ** X509 certificates, and for verification purposes (to check whether the
- ** certificate was issued for the sender's mailbox).
- ** .pp
- ** This is a format string, see the $$smime_decrypt_command command for
- ** possible \fCprintf(3)\fP-like sequences.
- ** (S/MIME only)
- */
- { "smime_sign_as", DT_SYN, R_NONE, UL "smime_default_key", 0 },
- { "smime_default_key", DT_STR, R_NONE, UL &SmimeDefaultKey, 0 },
- /*
- ** .pp
- ** This is the default key-pair to use for signing. This must be set to the
- ** keyid (the hash-value that OpenSSL generates) to work properly
- ** (S/MIME only)
- */
-#if defined(USE_SSL)
- { "ssl_client_cert", DT_PATH, R_NONE, UL &SslClientCert, 0 },
- /*
- ** .pp
- ** The file containing a client certificate and its associated private
- ** key.
- */
- { "ssl_force_tls", DT_BOOL, R_NONE, OPTSSLFORCETLS, 0 },
- /*
- ** .pp
- ** If this variable is \fIset\fP, Mutt will require that all connections
- ** to remote servers be encrypted. Furthermore it will attempt to
- ** negotiate TLS even if the server does not advertise the capability,
- ** since it would otherwise have to abort the connection anyway. This
- ** option supersedes $$ssl_starttls.
- */
- { "ssl_starttls", DT_QUAD, R_NONE, OPT_SSLSTARTTLS, M_YES },
- /*
- ** .pp
- ** If \fIset\fP (the default), mutt will attempt to use \fCSTARTTLS\fP on servers
- ** advertising the capability. When \fIunset\fP, mutt will not attempt to
- ** use \fCSTARTTLS\fP regardless of the server's capabilities.
- */
- { "certificate_file", DT_PATH, R_NONE, UL &SslCertFile, UL "~/.mutt_certificates" },
- /*
- ** .pp
- ** This variable specifies the file where the certificates you trust
- ** are saved. When an unknown certificate is encountered, you are asked
- ** if you accept it or not. If you accept it, the certificate can also
- ** be saved in this file and further connections are automatically
- ** accepted.
- ** .pp
- ** You can also manually add CA certificates in this file. Any server
- ** certificate that is signed with one of these CA certificates is
- ** also automatically accepted.
- ** .pp
- ** Example:
- ** .ts
- ** set certificate_file=~/.mutt/certificates
- ** .te
- */
-# ifdef USE_SSL_OPENSSL
- { "ssl_usesystemcerts", DT_BOOL, R_NONE, OPTSSLSYSTEMCERTS, 1 },
- /*
- ** .pp
- ** If set to \fIyes\fP, mutt will use CA certificates in the
- ** system-wide certificate store when checking if a server certificate
- ** is signed by a trusted CA.
- */
- { "entropy_file", DT_PATH, R_NONE, UL &SslEntropyFile, 0 },
- /*
- ** .pp
- ** The file which includes random data that is used to initialize SSL
- ** library functions.
- */
- { "ssl_use_sslv2", DT_BOOL, R_NONE, OPTSSLV2, 1 },
- /*
- ** .pp
- ** This variables specifies whether to attempt to use SSLv2 in the
- ** SSL authentication process.
- */
-# endif /* defined USE_SSL_OPENSSL */
- { "ssl_use_sslv3", DT_BOOL, R_NONE, OPTSSLV3, 1 },
- /*
- ** .pp
- ** This variables specifies whether to attempt to use SSLv3 in the
- ** SSL authentication process.
- */
- { "ssl_use_tlsv1", DT_BOOL, R_NONE, OPTTLSV1, 1 },
- /*
- ** .pp
- ** This variables specifies whether to attempt to use TLSv1 in the
- ** SSL authentication process.
- */
-# ifdef USE_SSL_GNUTLS
- { "ssl_min_dh_prime_bits", DT_NUM, R_NONE, UL &SslDHPrimeBits, 0 },
- /*
- ** .pp
- ** This variable specifies the minimum acceptable prime size (in bits)
- ** for use in any Diffie-Hellman key exchange. A value of 0 will use
- ** the default from the GNUTLS library.
- */
- { "ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, 0 },
- /*
- ** .pp
- ** This variable specifies a file containing trusted CA certificates.
- ** Any server certificate that is signed with one of these CA
- ** certificates is also automatically accepted.
- ** .pp
- ** Example:
- ** .ts
- ** set ssl_ca_certificates_file=/etc/ssl/certs/ca-certificates.crt
- ** .te