[ python-Bugs-968430 ] error flattening complex smime signed message

SourceForge.net noreply at sourceforge.net
Mon Jan 24 12:43:42 CET 2005 

Bugs item #968430, was opened at 2004-06-07 22:34
Message generated for change (Comment added) made by shevek
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=968430&group_id=5470

Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Ludovico Magnocavallo (ludo)
Assigned to: Nobody/Anonymous (nobody)
Summary: error flattening complex smime signed message

Initial Comment:
Python 2.3.3 [GCC 3.2.2] on linux2
email version 2.5.5

Complex SMIME signed messages parsed and flattened
again do not pass SMIME verification. I have noticed
this with messages that have as message/rfc822
attachment another SMIME signed message.

A diff between an "original" SMIME signed messaged
passign openssl smime -verify verification and the same
message parsed (message_from_file) and flattened
(as_string(False)) by the email library:
diff -bB bugmsg_signed.eml bugmsg_signed_parsed.eml
2c2,3
< Content-Type: multipart/signed;
protocol="application/x-pkcs7-signature"; micalg=sha1;
boundary="----381546B4549948B9F93D885A82884C49"
---
> Content-Type: multipart/signed;
protocol="application/x-pkcs7-signature";
>       micalg=sha1;
boundary="----381546B4549948B9F93D885A82884C49"

The email-parsed message splits the signature header
into two lines, thus rendering the message non-valid.

Attached to this bug a .zip archive with:

- msg #1: the non-signed message (with a signed message
as attachment)
- msg #2: message #1 signed by openssl
- msg #3: message #2 parsed and flattened as described
above
- the CA certificate file used for smime verification

openssl command used to verify #2 and #3:

openssl smime -verify -in bugmsg_signed.eml -CAfile
cacert.pem

openssl smime -verify -in bugmsg_signed_parsed.eml
-CAfile cacert.pem



----------------------------------------------------------------------

Comment By: Bas Wijnen (shevek)
Date: 2005-01-24 12:43

Message:
Logged In: YES 
user_id=42389

I would like to add that I think this bug is quite
important, as mailman uses python.  This means that many
mailing lists invalidate signatures when signed e-mails with
attachments are sent through them.  As attachments are often
code patches, it is quite important that the signatures are
working correctly.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=968430&group_id=5470

More information about the Python-bugs-list mailing list