#38 Non-included headers passed as CRLF to verif., signat. fails


If DomainKey-Signature explicitly lists the h= list
and nonlisted headers need to be removed before
computing digest and verifying signature, the
dk-milter-0.4.1 (in verification mode) passes an empty
line (a CRLF) in place of each removed header field to
the message digest algorithm, which causes
signature verification to fail. The correct behaviour
is to completely ignore non-listed header fields.

A workaround for a verification-only milter is to
specify (a redundant) option -H, which should have no
effect on the verification mode, but actually changes
internal program flow which somehow avoids the

To reproduce:
- run dk-milter with option -b v (and no -H)
- let it verify a message with explicit h= list
which does not include all header fields present.
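
The failure described in this report, as an added example that is not part of the original report or of dk-milter's code: a simplified Python model of how the h= list selects header fields for the digest. The sample message and all function names are constructed for illustration; canonicalization is reduced to filtering by h= and joining with CRLF.

```python
import hashlib

CRLF = b"\r\n"

# Constructed sample message (not from the bug report): the header fields
# that follow the DomainKey-Signature field, and a one-line body.
HEADERS = [
    (b"Received", b"from mx.example.net by mail.example.org"),
    (b"From", b"alice@example.com"),
    (b"To", b"bob@example.org"),
    (b"Date", b"Thu, 08 Mar 2007 10:00:00 +0000"),
    (b"Subject", b"test"),
]
BODY = b"hello" + CRLF

def digest_input(headers, body, h_list, buggy=False):
    """Build the byte stream fed to the digest (simplified model).

    h_list is the signature's h= tag split on ':'; None means no h= tag,
    in which case every header field is included.
    """
    wanted = None if h_list is None else {n.strip().lower() for n in h_list}
    out = []
    for name, value in headers:
        if wanted is None or name.lower() in wanted:
            out.append(name + b": " + value + CRLF)
        elif buggy:
            out.append(CRLF)  # behaviour reported for 0.4.1: empty line
        # correct behaviour: a non-listed field contributes nothing
    out.append(CRLF)          # the single header/body separator
    out.append(body)
    return b"".join(out)

def sha1_hex(data):
    # SHA-1 stands in for the digest step of DomainKeys' rsa-sha1.
    return hashlib.sha1(data).hexdigest()

def stray_blank_lines(stream, body):
    """Count empty lines in the header part beyond the one separator."""
    header_part = stream[: len(stream) - len(body)]
    return sum(1 for ln in header_part.split(CRLF)[:-1] if ln == b"") - 1

if __name__ == "__main__":
    h = [b"from", b"to", b"subject"]  # Received and Date are not listed
    good = digest_input(HEADERS, BODY, h)
    bad = digest_input(HEADERS, BODY, h, buggy=True)
    print("correct:", sha1_hex(good), "stray CRLFs:", stray_blank_lines(good, BODY))
    print("buggy  :", sha1_hex(bad), "stray CRLFs:", stray_blank_lines(bad, BODY))
```

When h= is absent or names every field present, both code paths produce the same stream, so the mismatch only shows up for messages whose h= list omits some header fields.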


  • Anonymous - 2007-03-08
    • assigned_to: nobody --> sm-msk
  • Anonymous - 2007-03-12

    Logged In: YES
    Originator: NO

    I can't reproduce this with 0.4.1. I tried sending a signed message through which contained a Date: header but didn't have "date" in the h= list, and the canonicalized form produced (a) didn't have any errant CRLFs in it, and (b) did not include the "Date:" header.

  • Anonymous - 2007-03-13

    Proposed patch #1

  • Anonymous - 2007-03-13

    Logged In: YES
    Originator: NO

    Finally managed to reproduce the problem. A patch is attached.
    File Added: PATCH

  • Anonymous - 2007-03-13

    Logged In: YES
    Originator: NO

    Patch applied in v0.4.2, now released.

  • Anonymous - 2007-03-13
    • status: open --> closed-fixed
