[dev] S/Mime signature not validating (Was Fwd: Test)
Michael M Slusarz
slusarz at horde.org
Tue Jan 14 07:41:55 UTC 2014
Quoting Michael J Rubinsky <mrubinsk at horde.org>:
> While testing and looking at the code for s/mime support in
> ActiveSync, I've discovered that the following email, sent from iOS
> validates fine on the iPhone and in Apple Mail, but Horde says the
> signer's certificate cannot be verified. It is signed with the same
> certificate that I sign all my Horde email with - and this verifies
> fine when the original email is sent from IMP.
This is not an Horde/IMP issue. It is the PHP pkcs7 code that is
parsing the signature data. It's not an issue with MIME
parsing/EOLs/etc. since the message verifies correctly. It appears to
be something wrong with how the signing certificate data is added to
the signature.
My guess is that the Apple products are either lax when verifying this
certificate, or ignore the issue (or at least workaround it). We
don't have that luxury since we have no access to the internal S/MIME
parsing code.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the dev
mailing list