Author ludo
Recipients
Date 2004-06-07.20:34:58
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to
Content
Python 2.3.3 [GCC 3.2.2] on linux2
email version 2.5.5

Complex SMIME signed messages parsed and flattened
again do not pass SMIME verification. I have noticed
this with messages that have as message/rfc822
attachment another SMIME signed message.

A diff between an "original" SMIME signed messaged
passign openssl smime -verify verification and the same
message parsed (message_from_file) and flattened
(as_string(False)) by the email library:
diff -bB bugmsg_signed.eml bugmsg_signed_parsed.eml
2c2,3
< Content-Type: multipart/signed;
protocol="application/x-pkcs7-signature"; micalg=sha1;
boundary="----381546B4549948B9F93D885A82884C49"
---
> Content-Type: multipart/signed;
protocol="application/x-pkcs7-signature";
>       micalg=sha1;
boundary="----381546B4549948B9F93D885A82884C49"

The email-parsed message splits the signature header
into two lines, thus rendering the message non-valid.

Attached to this bug a .zip archive with:

- msg #1: the non-signed message (with a signed message
as attachment)
- msg #2: message #1 signed by openssl
- msg #3: message #2 parsed and flattened as described
above
- the CA certificate file used for smime verification

openssl command used to verify #2 and #3:

openssl smime -verify -in bugmsg_signed.eml -CAfile
cacert.pem

openssl smime -verify -in bugmsg_signed_parsed.eml
-CAfile cacert.pem

History
Date User Action Args
2007-08-23 14:22:16adminlinkissue968430 messages
2007-08-23 14:22:16admincreate