<<< Date Index >>>     <<< Thread Index >>>

Bug#310205: mutt: problem verifying smime signed message when also signed with pgp



----- Forwarded message from Matijs van Zuijlen <Matijs.van.Zuijlen@xxxxxxxxx> 
-----

Subject: Bug#310205: mutt: problem verifying smime signed message when also 
signed with pgp
Reply-To: Matijs van Zuijlen <Matijs.van.Zuijlen@xxxxxxxxx>,
        310205@xxxxxxxxxxxxxxx
Original-Sender: Matijs van Zuijlen <matijs@xxxxxxxxxxxxx>
From: Matijs van Zuijlen <Matijs.van.Zuijlen@xxxxxxxxx>
To: Debian Bug Tracking System <submit@xxxxxxxxxxxxxxx>

Package: mutt
Version: 1.5.9-1
Severity: normal

I have recieved a message that consists of an s/mime signed message that
has subsequently been signed with pgp. When trying to verify the s/mime
signature, mutt passes the whole message to openssl. openssl sees the outer
multipart/signed content type, finds the signature, and then fails because
the signature is not of type application/pkcs7-signature but of type
application/pgp-signature:

  Error reading S/MIME message
  24052:error:2107A08D:PKCS7 routines:SMIME_read_PKCS7:sig invalid mime
  type:pk7_mime.c:281:type: ___ication/pgp-signature

(The mime type is in fact garbled with characters I cannot input here, due
to a bug in openssl's error reporting, see #310184. This has nothing to do
with the present problem.)

It seems that for this to work properly mutt needs to pass just the s/mime
signed message part to openssl, without the pgp signature.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-powerpc
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages mutt depends on:
ii  exim [mail-transport-agent] 3.36-17      An MTA (Mail Transport Agent)
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libdb4.3                    4.3.27-2     Berkeley v4.3 Database Libraries [
ii  libgnutls11                 1.0.16-13    GNU TLS library - runtime library
ii  libidn11                    0.5.13-1.0   GNU libidn library, implementation
ii  libncursesw5                5.4-4        Shared libraries for terminal hand
ii  libsasl2                    2.1.19-1.5   Authentication abstraction library

-- no debconf information

----- End forwarded message -----

-- 
ciao,
Marco