I think I found the reason for the problem.

SMIME_read_CMS does convert any single LF to a CRLF.

If I compare the input to the CMS I get out of SMIME_read_CMS then there are all LFs replaced with CRLFs.

That's the problem with the verify. If I manually replace the added CRs in the CMS and then give it to CMS_verify all is fine.

So... can I disable this canonicalization in SMIME_read_CMS??

Thanks for help!


On 2018-03-14 07:43, e...@coderhacks.com wrote:
Hi!

I am facing some problems with a SMIME where the content is binary encoded AND a linefeed (LF) (0x0a) is used for line-separator. The CMS_verify fails (CMS routines:CMS_SignerInfo_verify_content:verification failure).

It works fine if CRLF (0x0d 0x0a) is line-separator or even if only CR is used - but not with LF only.
It is also ok if the content is not in binary but base64 encoded.

I tried with and without CMS_BINARY flag set.

I think it is about the canonicalization of MIME if the content is not base64.

Is OpenSSL doing this canonicalization (where?).

I think CMS_BINARY should disable it - I tried to change any LF to CRLF before the verify but that did not help.

Any ideas?

Thanks!
Chris


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
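
An added example, not code from the original post or from OpenSSL: a Python model of the rewrite the post describes (every bare LF becomes CRLF), showing why a digest computed over the signer's original bytes no longer matches afterwards. The function names, the constructed sample payloads and the use of SHA-256 as the digest are assumptions made for illustration.

```python
import hashlib
import re

# A bare LF is a 0x0a byte that is not already preceded by 0x0d.
BARE_LF = re.compile(rb"(?<!\r)\n")


def canonicalize(data: bytes) -> bytes:
    """Model of the rewrite reported in the post: bare LF -> CRLF."""
    return BARE_LF.sub(b"\r\n", data)


def digest(data: bytes) -> str:
    """Digest over the content (SHA-256 is an assumption, not from the post)."""
    return hashlib.sha256(data).hexdigest()


def survives(data: bytes) -> bool:
    """True if the signer's digest still matches after the rewrite."""
    return digest(canonicalize(data)) == digest(data)


def strip_added_cr(data: bytes) -> bytes:
    """Undo the rewrite; only valid if the original used LF-only line ends."""
    return data.replace(b"\r\n", b"\n")


# Constructed binary payloads, one per line-separator case from the post.
SAMPLES = {
    "LF": b"\x00\x01line1\nline2\n\n\xff",
    "CRLF": b"\x00\x01line1\r\nline2\r\n\r\n\xff",
    "CR": b"\x00\x01line1\rline2\r\r\xff",
}


def report() -> dict:
    """Map each separator case to whether its digest survives the rewrite."""
    return {name: survives(body) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:4} digest {'matches' if ok else 'MISMATCH'} after rewrite")
    restored = strip_added_cr(canonicalize(SAMPLES["LF"]))
    print("LF restored by stripping added CRs:", restored == SAMPLES["LF"])
```
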
