View Issue Details

IDProjectCategoryView StatusLast Update
0004634SOGowith SOGopublic2020-10-14 02:29
Reporterlekron Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version4.0.4 
Summary0004634: SOGo does not correctly import S/MIME certificates
Description

I added a certificate to SOGo and whenever I am sending a mail it says "No error information available" (See attached picture).

However, when I am sending a mail by using my android app (Nine) with the same email address and certificate installed it says "Message is signed".

So it looks like SOGo has some troubles correctly importing .p12 certificates.

Thanks in advance for you help.

TagsS/MIME

Activities

lekron

lekron

2019-01-09 04:28

reporter  

smime_bug.png (45,571 bytes)   
smime_bug.png (45,571 bytes)   
lekron

lekron

2019-07-30 03:36

reporter   ~0013682

Any updates on this?

ludovic

ludovic

2019-07-30 08:56

administrator   ~0013684

What does the certificate management interface says about your imported cert from SOGo web?

lekron

lekron

2019-08-07 08:59

reporter   ~0013698

Last edited: 2019-08-07 09:02

View 2 revisions

When importing a cert, SOGo apparently correctly imports it.

However, when sending a mail with the according cert, the signature of the sent message is invalid (see attached picture) and if one would enrypt the message, the receiver is unable to decrypt it.
I tried importing the cert various times on different versions of SOGo but it never worked correctly.

Oddly, the same cert works just fine when imported into Nine on Android and sent mails from there have a valid signature and working encryption (see also attached picture)

lekron

lekron

2019-08-07 09:00

reporter  

sogo_smime.png (28,243 bytes)   
sogo_smime.png (28,243 bytes)   
tik2707

tik2707

2020-09-23 06:31

reporter   ~0014814

Same issue as @lekron here ... Works perfectly with other programs (eg. thunderbird) but not in SOGo... :-(

Outlook error text:
The message content may have been changed.
Signed by *** using RSA/SHA256 at 12:21:51 09/23/202020.

Any ideas?

schmirl

schmirl

2020-09-28 03:44

reporter   ~0014855

Not related to the main topic of this ticket (certificate error when sending mail) but to the two previous posts (signatures broken in Outlook):

This affects MIME messages only. Pure text mails are ok.

According to RFC2046 (https://tools.ietf.org/html/rfc2046#section-5.1.1) a MIME message ends with the close delimiter (MIME boundary + "--" and optional whitespaces). A following newline and any text after it is the epilogue which is to be ignored or outright discarded.

OpenSSL signes everything you pass to it (including the epilogue) and also includes the epilogue when verifying a signature. Outlook on the other hand ignores the epilogue when verifying a signature (which sounds more standards compliant to me).

SOPE appends a CRLF to the close delimiter of MIME mails, i.e. an epilogue consisting of just "CRLF". This results in Outlook reporting broken signatures for SOGo signed MIME mails.

Fix attached.

SOPE-no_epilogue.patch (411 bytes)   
--- sope-mime/NGMime/NGMimeMultipartBodyGenerator.m.orig	2019-12-17 20:34:06.000000000 +0000
+++ sope-mime/NGMime/NGMimeMultipartBodyGenerator.m	2020-09-25 18:50:50.850010659 +0000
@@ -206,7 +206,7 @@
   }
   [data appendBytes:"--" length:2];
   [data appendBytes:[_boundary cString] length:[_boundary length]];
-  [data appendBytes:"--\r\n" length:4];
+  [data appendBytes:"--" length:2];
   return data;
 }
 
SOPE-no_epilogue.patch (411 bytes)   
tik2707

tik2707

2020-10-12 10:19

reporter   ~0014882

How can I use these patch file?

schmirl

schmirl

2020-10-12 10:53

reporter   ~0014883

You would have to compile SOPE yourself from the sources.

Btw.: Do you also get the "no error information available" message when sending a mail (the original topic of this ticket) or do you just suffer from the broken signatures in Outlook?

tik2707

tik2707

2020-10-12 11:16

reporter   ~0014884

Okay thanks. Than I will wait that it's hopefully fixed in the next versions of sogo.
I only have the trouble with Outlook.

ludovic

ludovic

2020-10-13 10:05

administrator   ~0014885

@ schmirl I have added your patch, thanks!

schmirl

schmirl

2020-10-14 02:29

reporter   ~0014886

Thanks @ludovic

@lekron: Regarding the "No error information available" error message: does this error still show up and which version of SOGo are you running ATM?

Issue History

Date Modified Username Field Change
2019-01-09 04:28 lekron New Issue
2019-01-09 04:28 lekron File Added: smime_bug.png
2019-07-30 03:36 lekron Note Added: 0013682
2019-07-30 08:56 ludovic Note Added: 0013684
2019-08-07 08:59 lekron Note Added: 0013698
2019-08-07 09:00 lekron File Added: sogo_smime.png
2019-08-07 09:02 lekron Note Edited: 0013698 View Revisions
2020-09-23 06:31 tik2707 Note Added: 0014814
2020-09-23 06:31 tik2707 File Added: 2020-09-23 12_29_33-Test von Sogo - signiert [signed OK] - Nachricht (HTML).png
2020-09-23 06:32 tik2707 Tag Attached: S/MIME
2020-09-28 03:44 schmirl Note Added: 0014855
2020-09-28 03:44 schmirl File Added: SOPE-no_epilogue.patch
2020-10-12 10:19 tik2707 Note Added: 0014882
2020-10-12 10:53 schmirl Note Added: 0014883
2020-10-12 11:16 tik2707 Note Added: 0014884
2020-10-13 10:05 ludovic Note Added: 0014885
2020-10-14 02:29 schmirl Note Added: 0014886