[horde] Re: Fwd: Re: Horde/IMP and smime

[Michael M Slusarz]

Quoting Jan Schneider <jan at horde.org>:

>
>
> ----- Weitergeleitete Nachricht von lalot at univ-aix.fr -----
>     Datum: Wed, 09 Mar 2005 08:46:47 +0100
>       Von: LALOT Dominique <lalot at univ-aix.fr>
> Antwort an: LALOT Dominique <lalot at univ-aix.fr>
>   Betreff: Re: [horde] Re: Horde/IMP and smime
>        An: Jan Schneider <jan at horde.org>
>
> I need time to understand better CVS. I've rsync last night. Then I'll
> make a separate config for CVS.
>
> Jan Schneider a écrit :
>
>> Zitat von LALOT Dominique <lalot at univ-aix.fr>:
>>
>>
>>> in smime.php line 212
>>>
>>>       /* Try again without verfying the signer's cert */
>>>       $result = openssl_pkcs7_verify($input, PKCS7_NOVERIFY, $output);
>>>
>>>       if (($result === true) || ($result === -1)) {
>>> $ob->result = PEAR::raiseError(_("Message Verified Successfully but the
>>> signer's certificate could not be verified."), 'horde.warning'); }
>>>
>>>
>>> So if it's true or false : success!!. You can get rid of the else :-)
>>>
>>
>>
> I've tried that code already just the lines in a separate page to test
> openssl_pkcs7_verify with the file you are providing minus the problem
> with flowed.
> That function returns -1 (hopefully)
> And it says : Message Verified Successfully
> What I can say about the if-clause: that's not true. Nothing succeeded.
>
> I say, that check is wrong and I maintain what I said.

No, Jan is correct.  If $result is true, than the message is verified.  
If the message is incorrect (i.e. has been tampered with), $result 
returns false.  False does *not* equal -1. (e.g., in PHP, false !== -1) 
and false obviously does not equal true.  Therefore, we need the else 
clause.  If $result returns -1 (I can't recall off the top of my head 
when this happens, but openssl_pkcs7_verify() may return -1 if the 
message is verified successfully) we give the success message.

michael

_______________________________________
Michael Slusarz [slusarz at curecanti.org]