The SMIME generation code incorrectly hard-codes the 'micalg=sha1'
parameter.  This should be parametrized to use the proper
SMIME-specified algorithm name.

OpenSSL 0.9.8k
  crypto/pkcs7/pk7_mime.c
~~171-176 in SMIME_write_PKCS7
        bound[32] = 0;
        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
        BIO_printf(bio, "Content-Type: multipart/signed;");
        BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
        BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
                        bound, mime_eol, mime_eol);
        BIO_printf(bio, "This is an S/MIME signed message%s%s",
                        mime_eol, mime_eol);
OpenSSL 0.9.8 -
  crypto/pkcs7/pk7_smime.c
~~ 173-179 ... same code exactly

-- 
Thomas Harning Jr.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
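
An added example, not part of the original message and not OpenSSL's code: one way to derive the micalg value from the digests the signers actually used, instead of the fixed sha1. The enum and function names are hypothetical, the algorithm names are the ones listed in RFC 3851 section 3.4.3.2, and the example goes beyond the single-digest case by handling several signers with different digests.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical digest identifiers for this example (OpenSSL uses NIDs). */
enum digest_id { DIG_MD5, DIG_SHA1, DIG_SHA256, DIG_SHA384, DIG_SHA512, DIG_OTHER };

/* micalg names from RFC 3851 section 3.4.3.2; any other digest is "unknown". */
static const char *micalg_name(enum digest_id d)
{
    switch (d) {
    case DIG_MD5:    return "md5";
    case DIG_SHA1:   return "sha1";
    case DIG_SHA256: return "sha256";
    case DIG_SHA384: return "sha384";
    case DIG_SHA512: return "sha512";
    default:         return "unknown";
    }
}

/* Join the signers' digest names with commas, skipping duplicates.
 * Returns 0 on success, -1 if the output buffer is too small. */
int build_micalg(const enum digest_id *digs, size_t n, char *out, size_t outlen)
{
    size_t i, j, used = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (i = 0; i < n; i++) {
        const char *name = micalg_name(digs[i]);
        size_t len = strlen(name);
        for (j = 0; j < i && strcmp(micalg_name(digs[j]), name) != 0; j++) ;
        if (j < i) continue;                      /* already listed */
        if (used + len + (used ? 1 : 0) >= outlen) return -1;
        if (used) out[used++] = ',';
        memcpy(out + used, name, len + 1);
        used += len;
    }
    return 0;
}

/* Same header shape as the quoted code, with micalg passed in (quoted, since
 * a comma is not allowed in an unquoted MIME parameter value). */
int write_signed_header(char *buf, size_t buflen, const char *prefix,
                        const char *micalg, const char *bound, const char *eol)
{
    int n = snprintf(buf, buflen, "Content-Type: multipart/signed; "
                     "protocol=\"%ssignature\"; micalg=\"%s\"; boundary=\"----%s\"%s%s",
                     prefix, micalg, bound, eol, eol);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}
```

A verifier that does one-pass processing picks its hash from this parameter, so a value that does not match the digest in the SignerInfo can make a correctly signed message fail verification.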
