[horde] Crypt/Smime.php: (wrong) hardcoded header information for diges algorithm
Stephan Lauffer
lauffer at ph-freiburg.de
Tue Apr 25 12:45:16 UTC 2017
Hello!
In file ../Horde/Crypt/Smime.php we have a hardcoded header
information for the used diges algorithm, see public function
signMIMEPart($mime_part, $params) about line 247, 248:
// Per RFC 5751 [3.4.3.2], 'sha1' has been deprecated for 'sha-1'.
$smime_part->setContentTypeParameter('micalg', 'sha-1');
The problem now is that (our) newer distributions opensuse-42.2 with
newer openssl, php5-openssl use sha2 algorithm. So the header
information than is wrong then.
We noticed that thunderbird (old stable 45* and brand new beta) has
problems with this wron information. Outlook is ok, openssl checks are
well, too.
Cross reference to the mozilla bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1359327
--
Liebe Gruesse, with best regards
Stephan Lauffer
Pedagogical University Freiburg - Germany
http://www.ph-freiburg.de/zik/
Fon/ Fax: +49 761 682 -559/ -486
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5962 bytes
Desc: S/MIME-Signatur
URL: <https://lists.horde.org/archives/horde/attachments/20170425/b090028f/attachment.bin>
More information about the horde
mailing list