6.0.0-git
2021-01-18

[#5986] Problem importing public keys for S/MIME
Summary Problem importing public keys for S/MIME
Queue Horde Framework Packages
Queue Version HEAD
Type Enhancement
State Resolved
Priority 2. Medium
Owners chuck (at) horde (dot) org
Requester holger.richter (at) klst (dot) com
Created 2007-12-13 (4785 days ago)
Due 12/13/2007 (4785 days ago)
Updated 2007-12-28 (4770 days ago)
Assigned
Resolved 2007-12-28 (4770 days ago)
Milestone
Patch No

History
2007-12-28 22:26:51 Chuck Hagenbuch Comment #5
Assigned to Chuck Hagenbuch
State ⇒ Resolved
Reply to this comment
I was able to generate a test for this, including a multi-valued 
subjectAltName set of email addresses, and committed a similar patch 
(that also handles multiple values correctly).
2007-12-13 18:52:56 Jan Schneider Comment #4 Reply to this comment
Can you also provide an example cert that triggers this behavior?
2007-12-13 18:25:10 holger (dot) richter (at) klst (dot) com Comment #3 Reply to this comment
the patch for smime.php



*** framework/Crypt/Crypt/smime.php-orig        Wed Aug 22 11:48:04 2007

--- framework/Crypt/Crypt/smime.php        Wed Dec 12 16:00:45 2007

***************

*** 1250,1255 ****

--- 1250,1265 ----

               } elseif (isset($key_info['subject']['emailAddress'])) {

                   return $key_info['subject']['emailAddress'];

               }

+         }

+         // Hg: the email address could be moved from the subject to the

+         //     subjectAltName field

+         if (is_array($key_info) && isset($key_info['extensions'])) {

+             if (isset($key_info['extensions']['subjectAltName'])) {

+                 $val = $key_info['extensions']['subjectAltName'];

+                 if (trim(stripos($val, "mail:")) == 1) {

+                         return substr($val, 7);

+                 }

+             }

           }



           return null;


2007-12-13 18:19:56 Jan Schneider Comment #2
State ⇒ Feedback
Reply to this comment
There was no patch attached.
2007-12-13 10:03:34 holger (dot) richter (at) klst (dot) com Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 2. Medium
Summary ⇒ Problem importing public keys for S/MIME
Due ⇒ 2007-12-13
Queue ⇒ Horde Framework Packages
Reply to this comment
X.509 certificates may contain email addresses in the subject. But it 
is also possible to move the email address from the subject to the 
subject alternative name.



Horde looks for the mail address only in the subject of the 
certificate during the import of the public key. If the address was 
moved from the subject to the subject alternative name horde is unable 
to import the public key.



I hope this small patch for smime.php is suitable.

Saved Queries