Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PGP/MIME error #867

Closed
laerm opened this issue Feb 11, 2020 · 9 comments · Fixed by #868
Closed

PGP/MIME error #867

laerm opened this issue Feb 11, 2020 · 9 comments · Fixed by #868
Labels
Milestone

Comments

@laerm
Copy link

laerm commented Feb 11, 2020

Version

v6.2.52

Installation method

via EPEL repository, on RHEL 7.7 (Maipo)

Expected behavior

No error message

Actual behavior

When a message is signed using PGP/MIME, I see the following error in the sympa log:

Feb 11 12:09:51 domainname sympa_msg[4497]: err main::#243 > Sympa::Spindle::spin#83 > Sympa::Spindle::ProcessIncoming::_twist#207 > Sympa::Message::check_smime_signature#1316 Sympa::Message <[email protected]>: Unable to verify S/MIME signature: Crypt::SMIME#check: failed to check the signature: error:0D0D40D5:asn1 encoding routines:SMIME_read_ASN1:sig invalid mime type at /usr/share/sympa/lib/Sympa/Message.pm line 1315.

Signing with inline PGP, or S/MIME works as expected.

Additional information

This error has been present for a number of versions and is not recent. An increase in PGP/MIME signed messages in our institution means I've been seeing the error more frequently.

Thanks for looking into it or for any tips!

@ikedas ikedas added the bug label Feb 11, 2020
@racke
Copy link
Contributor

racke commented Feb 11, 2020

PGP/MIME seems a bit hard to grasp. Surely I can enable that in Thunderbird, but how could I construct an email from a script for testing?

@ikedas
Copy link
Member

ikedas commented Feb 13, 2020

Hi @laerm , could you please apply this patch and check if the problem will be solved?

@ikedas ikedas added the ready A PR is waiting to be merged. Close to be solved label Feb 13, 2020
@laerm
Copy link
Author

laerm commented Feb 13, 2020

Hello @ikedas,

I can confirm that I no longer get the error in the logs when signing with PGP/MIME after applying the patch.

Thank you for your prompt reply and fix, and thank you for all the great work.

@ikedas
Copy link
Member

ikedas commented Feb 13, 2020

@laerm, thanks for reporting bug and confirming fix.

If you can (not forced), can you provide a sample of message signed with PGP? We will also confirm problem by using that message.

@laerm
Copy link
Author

laerm commented Feb 13, 2020

Unfortunately, I have seen another error since patching, which I'm unable to reproduce. I will let you know if I can get an example from the sender:

Feb 13 08:59:35 host sympa_msg[31951]: err main::#243 > Sympa::Spindle::spin#83 > Sympa::Spindle::ProcessIncoming::_twist#207 > Sympa::Message::check_smime_signature#1303 Sympa::Message <[email protected]>: Unable to verify S/MIME signature: Crypt::SMIME#check: failed to check the signature: error:2E099064:CMS routines:CMS_SIGNERINFO_VERIFY_CERT:certificate verify error at /usr/share/sympa/lib/Sympa/Message.pm line 1302.

Here's a link to download the example emails I used before this latest case. It's valid 24 hours. The PGP/MIME example caused the error before patching.

@ikedas
Copy link
Member

ikedas commented Feb 13, 2020

I think another error you reported may also be avoided by my patch.

Thanks for providing samples. We'll use it to make test cases.

@ikedas
Copy link
Member

ikedas commented Feb 13, 2020

I confirmed buggy behaviors were solved, when my patch has been applied.

Before patching (I renamed test files.):

  • 0907_1: Inline PGP - No error

  • 0908_1: PGP/MIME -
    err Sympa::Message::check_smime_signature() Sympa::Message <[email protected]>: Unable to verify S/MIME signature: Crypt::SMIME#check: failed to check the signature: error:0D0D40D5:asn1 encoding routines:SMIME_read_ASN1:sig invalid mime type at src/lib/Sympa/Message.pm line 1317.

  • 0908_2: S/MIME

  • 0907_2: Inline PGP - No error

  • 0908_3: PGP_MIME -
    err Sympa::Message::check_smime_signature() Sympa::Message <[email protected]>: Unable to verify S/MIME signature: Crypt::SMIME#check: failed to check the signature: error:0D0D40D5:asn1 encoding routines:SMIME_read_ASN1:sig invalid mime type at src/lib/Sympa/Message.pm line 1317.

  • 0908_4: S/MIME

PGP/MIME signed messages caused error. After patching, these errors were dissolved.


@laerm, the last case you reported (error 2E099064) seems arguing wrong usage of certificate, such as expired or revoked certificate, inhibited algorithm, ... If that's the case, failure of signature verification is normal behavior.

@laerm
Copy link
Author

laerm commented Feb 13, 2020

@ikedas thanks for looking into it and for the explanation of the last error (I admit, I hadn't delved into the error code meaning!).

It seems the issue is fixed with the patch! :)

@ikedas
Copy link
Member

ikedas commented Feb 13, 2020

@laerm, thanks for reporting bug and providing precise information to improve Sympa!

@ikedas ikedas removed the ready A PR is waiting to be merged. Close to be solved label Feb 13, 2020
neumantm added a commit to stuvusIT/sympa that referenced this issue Dec 14, 2020
This is neccesarry to get a sympa version >6.2.54.
This is neccessary to have this PR: sympa-community/sympa#867
This is neccassary to prevent errors when using custom scenari with the [Sender] variable in a condition.
For example the uni_stuttgart_moderated scenario.
haslersn pushed a commit to stuvusIT/sympa that referenced this issue Dec 14, 2020
This is neccesarry to get a sympa version >6.2.54.
This is neccessary to have this PR: sympa-community/sympa#867
This is neccassary to prevent errors when using custom scenari with the [Sender] variable in a condition.
For example the uni_stuttgart_moderated scenario.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants