[openssl-dev] [openssl.org #2383] OpenSSL line break bugs

[Stephen Henson via RT]

On Tue Nov 30 11:20:30 2010, donz4all at donz.ru wrote:
> Hello.
> I use OpenSSL 1.0.0a 1 Jun 2010 version.
>
> 1)Command "openssl smime -sign ..." generates output with added headers
> and meta-data in body with '\n' as line terminator but
> http://www.faqs.org/rfcs/rfc2822.html demands using only '\r\n' as line
> terminators.
>

This has now been addressed for all headers in the smime and cms utilities.

> 2)Command "openssl smime -verify -CAfile caCert.pem -certfile cert.pem
> -in %1 -out %1plain" treats all line terminators in the body of verified
> message as \r\n (as described in rfc2822). If creator and signer of this
> message use \n terminator in the message body there is no way to get
> successful verification except manual splitting message into headers and
> body and processing verification with "-content" key.
> Logically valid verification process must not change any content during
> verification.
>

That is intentional: the content is converted to canonical form as it may end
up with EOL translation en route or the MTA may end up using LF as EOL. As
indicated in the documentation the MIME parser is rather primitive and if an
application wants something more sophisticated they should use an alternative
parser.

Resolving ticket.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2383
Please log in as guest with password guest if prompted