[horde] Crypt/Smime.php: (wrong) hardcoded header information for diges algorithm
Michael J Rubinsky
mrubinsk at horde.org
Thu Apr 27 05:05:08 UTC 2017
Quoting Stephan Lauffer <lauffer at ph-freiburg.de>:
> Hello!
>
> In file ../Horde/Crypt/Smime.php we have a hardcoded header
> information for the used diges algorithm, see public function
> signMIMEPart($mime_part, $params) about line 247, 248:
>
> // Per RFC 5751 [3.4.3.2], 'sha1' has been deprecated for 'sha-1'.
> $smime_part->setContentTypeParameter('micalg', 'sha-1');
>
> The problem now is that (our) newer distributions opensuse-42.2 with
> newer openssl, php5-openssl use sha2 algorithm. So the header
> information than is wrong then.
>
> We noticed that thunderbird (old stable 45* and brand new beta) has
> problems with this wron information. Outlook is ok, openssl checks
> are well, too.
>
> Cross reference to the mozilla bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1359327
I've added some code that detects the message digest alg in use. Well,
more accurately, it detects if it's SHA-256 and if it's not, it
assumes SHA-1. In addition to the change in Horde/Crypt, it will
require changes in IMP to pass the path of openssl to the
signMIMEPart() method.
https://github.com/horde/horde/commit/76c0d9d3f2af854e8b34e3536af68100332a203c
and
https://github.com/horde/horde/commit/993f494e6c68e13794581aa7f479817ddc648664
or, for IMP in Git master:
https://github.com/horde/horde/commit/fa2dca36da724f55992761b1cbc8d3c505212ce7
Please let me know if this fixes things on your end.
--
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 9460 bytes
Desc: S/MIME Signature
URL: <https://lists.horde.org/archives/horde/attachments/20170427/02fce91c/attachment.bin>
More information about the horde
mailing list