#39 l= breaks verifying

v0.6.6
closed
5
2007-05-04
2007-04-27
Ache
No

Although I am able to set l= when signing (via configuration file), l= does not processed on verifying, i.e. DKIM_PARAM_BODYLENGTH handling code does not exitst. Moreover, any mail signed with l= does not pass verification even if the body is untouched.
So, it is still impossible to send mail to the mailing lists which add something after body.

BTW, I wonder why number of characters in l= in so big in simple or relaxed mode, it seems it counts one additional char per line. In nwsp mode it is correct.

Discussion

  • Ache
    Ache
    2007-04-27

    Logged In: YES
    user_id=295536
    Originator: YES

    > it seems it counts one additional char per line
    I suspect it is due to CR/LF, not just LF

     
    • assigned_to: nobody --> sm-msk
     
  • Logged In: YES
    user_id=1048957
    Originator: NO

    The body length code does exist. The DKIM_PARAM_* constants are currently unused so don't search for code that way.

    If you look at dkim_canonwrite(), there's a check against the value of dkim_signlen. That's the implementation you're looking for. Since the calculation is done in both directions based on the volume of data passed to the hash algorithm, it's (theoretically) not possible for LF vs. CRLF to be part of the problem.

    I'll see if I can reproduce this.

     
  • Logged In: YES
    user_id=1048957
    Originator: NO

    It looks like on signing, even if you've requested signature lengths, they're not included in the signature that gets canonicalized when signing.

    Will be fixed in the next release. If you'd like a patch before then, I can see about producing one.

     
  • Logged In: YES
    user_id=1048957
    Originator: NO

    v0.7.0 released.

     
    • status: open --> closed