Re: S/MIME oddness

Re: S/MIME oddness

[Simon Josefsson]

Arne Jørgensen <arne@arnested.dk> writes:

> Vincent Bernat <vincent.bernat@raysa.org> writes:
>
>> Hello !
>>
>> When I try to sign with S/MIME a message, it asks me my password, sign
>> the message and put it in sent-mail, then asks again the password and
>> send the message. The copy in sent-mail is correct and the sent
>> message is not (I cannot check the sig).
>
> I'm having the same problem and think I have located the problem to be
> the Postfix version of /usr/lib/sendmail.
>
> It adds an extra blank line at the start of the signed message thus
> making it a different message than the signed one.

You could try upgrade OpenSSL, I recall that earlier versions inserted
a spurious ^M in the MIME headers, which Postfix might treat as a
newline.

Re: S/MIME oddness

[Arne Jørgensen]

Simon Josefsson <jas@extundo.com> writes:

> Arne Jørgensen <arne@arnested.dk> writes:

[...]

>> But the version that i Gcc to my self does not have an extra blank
>
> Perhaps ^M isn't treated as newline by the Gcc backend?  Some backends
> either replace \r\n with \n, or uses \r?\n as the newline regexp.
>
>> and switching to smtpmail.el made the problem go away.
>
> SMTP uses \r\n as newline, perhaps \r\r\n is treated as a single
> newline by some implementations.
>
>> I think that doesn't make OpenSSL an usual suspect.
>
> Still not impossible, I think, although the OpenSSL version that had
> this bug is quite old and insecure, so it is only a remote
> possibility.
>
> Hm.  Can you reproduce the added newline bug by previewing a S/MIME
> signed message?

I have previewed the message and found no extra newlines. Besides I
have a rather new OpenSSL (0.9.7c 30 Sep 2003).

I still suspect Postfix to be the problem. Here is what I tried:

I copied the GCC-ed version (which doesn't have an extra line) to a
file and piped it to Postfix sendmail:

     cat testmail.txt | /usr/lib/sendmail -t

When the mail arrives in my inbox it has the extra line. This was all
done on one machine (delivery to local user).

Then I logged in to another machine (with Sendmail) and did the same
trick. The message had no extra blank line.

The testmail.txt can be located at <http://arnested.dk/testmail.txt>.

So I think this is not a Gnus problem (unless Gnus produces some
invalid MIME that only some mail servers stumble across).

I think I'll try reporting this to a postfix mailing list.

-- 
Arne Jørgensen
Valby Langgade 272, 1. tv., DK-2500 Valby, Denmark
phone: +45 36 44 18 03, mobile: +45 21 65 01 13
email: arne@arnested.dk, <http://arnested.dk/>

Re: S/MIME oddness

[Arne Jørgensen]

Arne Jørgensen <arne@arnested.dk> writes:

> Eric Schwartz <emschwar@pobox.com> writes:
>
>> Have you filed a bug on postfix?  I know the maintainer personally,
>> and he would love to be able to squash this bug in time to get it
>> fixed before sarge releases.
>
> No. I forgot it. I will do it later today.

A bug report is postet on postfix-users mailing list now.

<http://article.gmane.org/gmane.mail.postfix.user/65629>

Kind regards,
-- 
Arne Jørgensen
Valby Langgade 272, 1. tv., DK-2500 Valby, Denmark
phone: +45 36 44 18 03, mobile: +45 21 65 01 13
email: arne@arnested.dk, <http://arnested.dk/>

Re: S/MIME oddness

[Arne Jørgensen]

Arne Jørgensen <arne@arnested.dk> writes:

> Arne Jørgensen <arne@arnested.dk> writes:
>
>> A bug report is postet on postfix-users mailing list now.
>
> On the Postfix mailing list Wietse Venema (the Postfix author)
> pointed to the fact that the first MIME segment has carriage return
> at the end of lines where as the other parts don't.
>
> Removing the carriage returns from the lines makes the problem go
> away.
>
> So the question is: why does Gnus (or OpenSSL) insert carriage
> returns?

They are inserted by OpenSSL and the openssl option -binary instructs
OpenSSL not to add them. Unfortunately I've not been able to verify a
message signed with -binary.

> And should they be removed?

When removing the carriage returns from a signed message (signed
without -binary) OpenSSL is still able to verify the message.

So should Gnus cut out the carriage returns after processing by
OpenSSL?

> FYI: the thread on the Postfix mailing list can be found at
> <http://thread.gmane.org/gmane.mail.postfix.user/65629>.

Kind regards,
-- 
Arne Jørgensen
Valby Langgade 272, 1. tv., 2500 Valby
tlf: 36 44 18 03, mobil: 21 65 01 13
e-post: arne@arnested.dk, <http://arnested.dk/>