SMIME support does not support email address in x509v3 extension

Gerald_Vogt · July 28, 2017, 6:46am

I have just enabled SMIME support in RT 4.4.2 and noticed that it doesn’t really like our smime certificates. When it receives a signed email, there are a couple of errors in the logs:

Jul 28 08:21:46 rt4 RT: [10528] Use of uninitialized value in concatenation (.) or string at /usr/local/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 946.
Jul 28 08:21:46 rt4 RT: [10528] Use of uninitialized value in concatenation (.) or string at /usr/local/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 967.
Jul 28 08:21:46 rt4 RT: [10528] Use of uninitialized value in concatenation (.) or string at /usr/local/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 967.
Jul 28 08:21:46 rt4 RT: [10528] Use of uninitialized value in concatenation (.) or string at /usr/local/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 522.
Jul 28 08:21:46 rt4 RT: [10528] Use of uninitialized value $v in concatenation (.) or string at /usr/local/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 654.

It also doesn’t show the issuer in the web interface:

SMIME: The signature is good, signed by , trust is full

I have checked the res hash and it doesn’t have a String value set for either Issuer nor User. That again seems to be set only if the certificate of the subject or issues contains an email address in the cn (function canonicalize). Our certificates, however, have the email address set in the x509v3 extension “Subject Alternative Name”.

mkosmach · July 28, 2017, 11:38am

Can You check my old patch in Your environment?

Gerald_Vogt · July 28, 2017, 1:41pm

Just wrote a comment on the commit. it’s the right direction.

chaniadimitris · April 8, 2022, 5:10pm

Hello, any news on this? We have the same warning logs (RT4.4.4).
We have set the PEM-formatted certificate of the CA in RT_SiteConfig.pm
and can get the isser name in the web interface, however without trust to the CA.

SMIME:	The signature is good, signed by "XXX", trust is none

logs:

[18699] [Fri Apr  8 16:49:35 2022] [warning]: Use of uninitialized value in concatenation (.) or string at /opt/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 970. (/opt/rt4/sbin/../lib/RT/Crypt/SMIME.pm:970)
[18699] [Fri Apr  8 16:49:35 2022] [warning]: Use of uninitialized value in concatenation (.) or string at /opt/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 988. (/opt/rt4/sbin/../lib/RT/Crypt/SMIME.pm:988)
[18814] [Fri Apr  8 16:58:34 2022] [warning]: Use of uninitialized value in concatenation (.) or string at /opt/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 970. (/opt/rt4/sbin/../lib/RT/Crypt/SMIME.pm:970)
[18814] [Fri Apr  8 16:58:34 2022] [warning]: Use of uninitialized value in concatenation (.) or string at /opt/rt4/sbin/../lib/RT/Crypt/SMIME.pm line 988. (/opt/rt4/sbin/../lib/RT/Crypt/SMIME.pm:988)