[openssl-users] MIME-canonicalization
etc at coderhacks.com
etc at coderhacks.com
Wed Mar 14 08:33:12 UTC 2018
I think I found the reason for the problem.
SMIME_read_CMS does convert any single LF to a CRLF.
If I compare the input to the CMS I get out of SMIME_read_CMS then there
are all LFs replaced with CRLFs.
Thats the problem with the verify. If I manually replace the added CRs
in the CMS and then give it to CMS_verify all is fine.
So... can I disable this canonicalization in SMIME_read_CMS??
Thanks for help!
On 2018-03-14 07:43, etc at coderhacks.com wrote:
> Hi!
>
> I am facing some problems with a SMIME where the content is binary
> encoded AND a linefeed (LF) (0x0a) is used for line-separator.
> The CMS_verify failes (CMS
> routines:CMS_SignerInfo_verify_content:verification failure).
>
> It works fine if CRLF (0x0d 0x0a) is line-separator or even if only CR
> is used - but not with LF only.
> It is also ok if the content is not in binary but base64 encoded.
>
> I tried with and without CMS_BINARY flag set.
>
> I think it is about the canonicalization of MIME if the content is not
> base64.
>
> Is OpenSSL doing this canonicalization (where?).
>
> I think CMS_BINARY should disable it - I tried to change any LF to
> CRLF before the verify but that did not help.
>
> Any ideas?
>
> Thanks!
> Chris
>
More information about the openssl-users
mailing list