<<< Date Index >>>     <<< Thread Index >>>

Re: [Mutt] #2180: mutt / gpgme does a case sensitive check of



#2180: mutt / gpgme does a case sensitive check of sender's domainname
---------------------------------+------------------------------------------
  Reporter:  ludwig@xxxxxxxxxxx  |       Owner:  mutt-dev                    
      Type:  defect              |      Status:  new                         
  Priority:  minor               |   Milestone:                              
 Component:  crypto              |     Version:  1.5.11 (CVS from 2006-02-09)
Resolution:                      |    Keywords:  patch                       
---------------------------------+------------------------------------------
Changes (by pdmef):

  * keywords:  => patch
  * component:  mutt => crypto


Old description:

> {{{
> RFC 2821 reads (Sect. 2.4):
>   SMTP implementations MUST take care to preserve
>   the case of mailbox local-parts. Mailbox domains
>   are not case sensitive.
>
> However, the function verify_sender() in crypt-gpgme.c that is used to
> verify the From: header against the email address stated in the signer's
> x509 certificate compares the complete address in a case sensitive
> manner.
>
> There is a mail server at our site that that I cannot control and that
> changes the domain name part from fh-worms.de into Fh-Worms.de.
> Therefore, whenever I open a mail from someone at fh-worms.de, mutt
> mistakenly complains that the signer's certificate does not belong to the
> sender.
> >How-To-Repeat:
> >Fix:
> The attached patch (against the CVS as of 2005-02-09) fixes this problem.
> It additionally fixes a not initialized variable in decrypt_part() that
> might be accessed in some code path.
> }}}

New description:

 {{{
 RFC 2821 reads (Sect. 2.4):
   SMTP implementations MUST take care to preserve
   the case of mailbox local-parts. Mailbox domains
   are not case sensitive.

 However, the function verify_sender() in crypt-gpgme.c that is used to
 verify the From: header against the email address stated in the signer's
 x509 certificate compares the complete address in a case sensitive manner.

 There is a mail server at our site that that I cannot control and that
 changes the domain name part from fh-worms.de into Fh-Worms.de. Therefore,
 whenever I open a mail from someone at fh-worms.de, mutt mistakenly
 complains that the signer's certificate does not belong to the sender.
 >How-To-Repeat:
 >Fix:
 The attached patch (against the CVS as of 2005-02-09) fixes this problem.
 It additionally fixes a not initialized variable in decrypt_part() that
 might be accessed in some code path.
 }}}

--

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/2180#comment:1>
Mutt <http://www.mutt.org/>
The Mutt mail user agent