abhishek-ram / pyas2

This repo is no longer maintained and has been moved to https://github.com/abhishek-ram/django-pyas2
GNU General Public License v2.0

MIC validation fails for messages sent from a PYAS2 Windows Box #4

Closed abhishek-ram closed 9 years ago

abhishek-ram commented 9 years ago

When I send to the mendelson AS2 server I get a different MIC every time in the MDN response. What is strange is that they send sha-256.

You could test yourself. http://as2.mendelson-e-c.com/

I have attached the keys for the organisation mycompanyAS2 and the partner mendelsontestAS2. I also have attached the MDN message I received.

abhishek-ram commented 9 years ago

The issue occurs because of a limitation with signing messages using M2Crypto.

The signing function of M2Crypto does not let us choose the digest algorithm used for signing a message. Even though we select the algorithm in the partners security settings, it is never used.

So in this case what happens is that it is entirely up to the underlying openssl lib, which is in turn used by M2Crypto, to choose this signing algorithm. This does not affect *nix installs where the openssl lib uses sha1 to do the signing.

But in case of windows where the latest openssl lib is installed, it uses sha256 to sign the message and when this happens the partner also calculates the mic using sha256 and sends it back to us. In these cases the mic validation fails as we are expecting mic to be in sha1, but are receiving a mic in sha256.

For now, since this is only a warning message, we have to ignore this until there is a better signing library that provides more control over signatures.

abhishek-ram commented 9 years ago

Fixed this issue by checking the mime headers returned by M2Crypto when signing a message.
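
The fix described in this thread amounts to taking the digest algorithm from the signed message's own `multipart/signed` headers instead of from the partner setting. A sketch of that check, added here as an illustration and not taken from pyas2: the function names, the sample message and the `CONFIGURED` value are assumptions, and the content the MIC covers is passed in directly.

```python
import base64
import hashlib
import hmac
from email import message_from_bytes

# micalg tokens seen in multipart/signed headers, mapped to hashlib names
HASHLIB_NAME = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256",
                "sha-256": "sha256", "sha384": "sha384", "sha-384": "sha384",
                "sha512": "sha512", "sha-512": "sha512", "md5": "md5"}


def signed_micalg(signed_message):
    """Digest the signing library actually announced in the Content-Type header."""
    value = message_from_bytes(signed_message).get_param("micalg")
    if not isinstance(value, str) or value.strip().lower() not in HASHLIB_NAME:
        raise ValueError("missing or unsupported micalg: %r" % (value,))
    return HASHLIB_NAME[value.strip().lower()]


def check_mdn_mic(content, mic_header, algorithm):
    """Compare a Received-Content-MIC value ('<base64>, <alg>') with our own digest."""
    digest_b64, _, partner_alg = mic_header.partition(",")
    partner_alg = HASHLIB_NAME.get(partner_alg.strip().lower())
    if partner_alg != algorithm:
        return False, "partner used %s, expected %s" % (partner_alg, algorithm)
    ours = base64.b64encode(hashlib.new(algorithm, content).digest())
    if not hmac.compare_digest(ours, digest_b64.strip().encode("ascii")):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample: header of a message whose signer picked sha-256 although
# the partner settings say sha1, and the content the MIC is calculated over.
CONTENT = b"Content-Type: application/edi-x12\r\n\r\nISA*00*CONSTRUCTED~\r\n"
SIGNED = (b'Content-Type: multipart/signed; '
          b'protocol="application/pkcs7-signature"; '
          b'micalg="sha-256"; boundary="b1"\r\n\r\n--b1\r\n' + CONTENT +
          b"\r\n--b1--\r\n")
# What the partner would return in the MDN for this message (constructed).
MDN_MIC = base64.b64encode(hashlib.sha256(CONTENT).digest()).decode() + ", sha-256"
CONFIGURED = "sha1"  # assumed partner security setting

if __name__ == "__main__":
    print(check_mdn_mic(CONTENT, MDN_MIC, CONFIGURED))             # fails
    print(check_mdn_mic(CONTENT, MDN_MIC, signed_micalg(SIGNED)))  # passes
```

Validating against the configured algorithm reproduces the warning from this issue; validating against the algorithm read from the headers accepts the partner's sha-256 MIC and still rejects a digest that does not match the content.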