Developers of Sympa

[Aumont - Comite Reseaux des Universites <address@concealed>]

christian mock wrote:
> hi,
>
> is there a specific reason that to extract a certificate's email address,
> sympa uses "openssl x509 -subject" instead of "-email"?
>
> The latter seems much more logical and helps to encapsulate more of the
> X.509 braindamage in openssl...

You are right. In tools.pl, you may replace :

    ## second step is the message signer match the sender
    ## a better analyse should be performed to extract the signer email.
    my $signer = `cat $temporary_file | $Conf{'openssl'}  x509 -subject 
-noout`;
    chomp $signer;

    unless ($signer =~ /email=$sender/i) {
        unlink($temporary_file) unless ($main::options{'debug'}) ;      
	do_log('notice', "S/MIME signed message, sender($sender) do NOT match 
signer($signer)",$sender,$signer);
        return undef;
    }


With

    ## second step is the message signer match the sender
    ## a better analyse should be performed to extract the signer email.
    my $signer = `cat $temporary_file | $Conf{'openssl'}  x509 -email -noout`;
    chomp $signer;
    $signer= lc($signer);

    unless ($signer eq $sender) {
        unlink($temporary_file) unless ($main::options{'debug'}) ;      
	do_log('notice', "S/MIME signed message, sender($sender) do NOT match 
signer($signer)",$sender,$signer);
        return undef;
    }


I beleive that's all. Please could you test it and report ?