Hi Frank and thanks a lot for the patches!
I will see how to integrate them in a test system first, although i guess they should be ready for use and they seem helpfull with our issues.
Out of curiosity and in order to have a better understanding, may i ask a question regarding some line in the code before the patch?
About 5 lines above the patched line , there is an "lowercaseString" already [https://github.com/inverse-inc/sogo/blob/3f93e6ebc4d6061c995c72993bbbde6ed4b9edbd/SoObjects/Mailer/SOGoDraftObject.m#L2041]:
emlst = X509_get1_email(scert); for (i = 0; i < sk_OPENSSL_STRING_num(emlst); i++)[emails addObject: [[NSString stringWithUTF8String: sk_OPENSSL_STRING_value(emlst, i)] lowercaseString]];
X509_email_free(emlst);Do i presume rightfully that this is where you extract the email address out of the certificate AND do apply a "lowercase" on the email address?
If so, is the "lowercase" applied on the complete email address e.g. "local-part@domain" (my guess) or just on the "local-part"?
Best greetings, ChriS. P.S. Servus von Nebenan :) On 25.02.22 10:01, "Frank Schmirler" ([email protected]) wrote:
Hi ChriS, the problem is not LDAP specific. It also affects non-LDAP installations with mixed case in email addresses. I attached two patches: One for comparing the email addresses case insensitive and one for displaying the SAN email addresses in Preferences > Mail > IMAP Accounts > Edit > Security Best regards from Göggingen ;) Frank Am Donnerstag, 24. Februar 2022 11:57 CET, schrieb "\"Christian Setzer (HaW Augsburg)\"" ([email protected]) <[email protected]>:Hi Frank, thanks for your feedback and check. I was doing some research here and came to the following observation / conclusion: By default, my account was getting the email adress with uppercase letters e.g. Name.Surname@... When i changed it all to lowercase directly in the ldap, i was able to send it. So it seems to be an upper lower case related issue when comparing the account email adress with the email adress in the certificate. Am i right in presuming that your email adress whas/is all in lowercase (by default)? Greetings, ChriS. P.S.I can confirm that email addresses in the SAN are not visible in Preferences > Mail > IMAP Accounts > Edit > Security. With the fix for issue #5440 SAN email addresses became visible only when viewing signed messages.Would this be "interesting enough" to add it to a wishlist? If so, is there a list apart from the bts bugtracker or would that be the place to "make a wish", so to say? On 23.02.22 14:36, "Frank Schmirler" ([email protected]) wrote:Hi Christian, I'm also running 5.5.1 and have no problems sending signed messages, provided the sender address is really part of the certificate. Please double check that. I Tried with both, a certificate with the email address in SAN only (like yours) and a certificate with the email address in DN and SAN. I can confirm that email addresses in the SAN are not visible in Preferences > Mail > IMAP Accounts > Edit > Security. With the fix for issue #5440 SAN email addresses became visible only when viewing signed messages. Best regards, Frank Am Mittwoch, 23. Februar 2022 10:57 CET, schrieb "Christian Setzer | Hochschule Augsburg" ([email protected]) <[email protected]>:sorry ... hereby with the attachments ... :P ChriS. -------- Forwarded Message -------- Subject: sogo webclient - send signed email error - sender address not in certificate Date: Wed, 23 Feb 2022 10:41:12 +0100 From: Christian Setzer | Hochschule Augsburg <[email protected]> Organization: Hochschule für angewandte Wissenschaften Augsburg To: [email protected] Hello all together! As i am not sure if it is or was a reported bug already, i will try this channel first, although i couldn't find anything on the same topic. It seems to me that it could be related to the issues #5407 and #5440 in the SOGo BTS and the "fix(mail): check if smime certificate matches sender address". Currently, we cannot send signed messages using the sogo web client. (actually using version 5.5.1) Before sending, there appears to be a check of the valid certificate and it runs into an error: "The message can't be signed because the sender address is not included in the certificate associated to the mail account." See attachment: "SogoWebErrorMessageSignedSenderAddressNotInCert.jpg" If i recall it correctly, we had no issues sending signed email until version 5.2, before the change in version 5.3 where the check was added. Then, we had the issue with the warning when receiving signed messages as shown in bug #5440, which disappeared with the upgrade on 5.4. "Message is signed but the certificate (name surname) doesn't match the sender email address" Finally, we upgraded to 5.5.1 and hoped the sending signed error would disappear, but it didn't. When i go to Preferences > Mail > IMAP Accounts > Edit > Security and open the view of the certificate, i can only see the parts Subject Name and Issuer. But the SAN / E-Mail-Address is not shown / visible. See attachment: "SogoWebSecurityViewCertDetails.jpg" My questions would be: Could anyone observe the same issue? What could be the origin, if it is likely to be a more personal issue? If others can observe it to, should i place it in the SOGo BTS? Thanks and greetings, ChriS. -- Christian Setzer Rechenzentrum (Computer Center & IT Services) HOCHSCHULE für angewandte Wissenschaften AUGSBURG (University of Applied Sciences) --
<<attachment: christian_setzer.vcf>>
smime.p7s
Description: S/MIME Cryptographic Signature
