abhishek-ram / pyas2

This repo is no longer maintained and has been moved to https://github.com/abhishek-ram/django-pyas2
GNU General Public License v2.0

Signature Verification Failures #6

Closed abhishek-ram closed 9 years ago

abhishek-ram commented 9 years ago

Facing signature verification failures when testing with Mendelson AS2.

@klaasfeenstra, can you please provide details of the error you are facing so that we can track and fix this bug?

mreinigjr commented 9 years ago

I have been trying to figure this issue out for several hours now. Any thoughts as to where it is coming from? I thought I had this pinned in as2utils.py, function sign_payload, but I am not so sure anymore because I am struggling on how to fix it. If you print out the result from line 320, which is:

micalg = signed_message.get_param('micalg')

you get sha-256. So when OpenSSL is signing the payload, it is using sha-256. I thought it had something to do with a flag that needs to be sent to OpenSSL through M2Crypto, or if sha256 is set as the default option in OpenSSL, but I am losing hope in these. We should be able to pass the -md flag like this:

openssl smime -md sha1...

through M2Crypto, but I don't see how you set this flag in M2Crypto. Any thoughts?

openssl smime docs: https://www.openssl.org/docs/apps/smime.html

abhishek-ram commented 9 years ago

There is no way to set the signature algorithm with M2Crypto-OpenSSL; it is choosing this algorithm on its own. So I have implemented a fix for this such that once M2Crypto signs the message, I check which algorithm is in the MIME header and then set that to be the signature algorithm for the message. So the current Partner setting for signature algorithm is a dummy field.

I am planning to fix this by using pyasn1 #5
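
The workaround described in the thread, as an added example that is not pyas2's own code: read `micalg` from the signed message's Content-Type header, hash with that algorithm, and flag when it differs from the configured partner setting. The function names, the allowlist and the sample message are assumptions constructed for illustration; the caller supplies the already canonicalized signed content.

```python
import base64
import email
import hashlib

# Constructed sample: a multipart/signed envelope as a signer might emit it.
# The signature part is a placeholder, not a real PKCS#7 blob.
SAMPLE = (
    'MIME-Version: 1.0\r\n'
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
    'micalg="sha-256"; boundary="----B1"\r\n'
    '\r\n'
    '------B1\r\n'
    'Content-Type: application/edi-x12\r\n'
    '\r\n'
    'ISA*00*constructed-sample~\r\n'
    '------B1\r\n'
    'Content-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
    '\r\n'
    'PLACEHOLDER\r\n'
    '------B1--\r\n'
)

ALLOWED = {"sha1", "sha256", "sha384", "sha512"}  # assumption: local policy


def effective_micalg(signed_message):
    """Return the hashlib name for the micalg the signer actually wrote."""
    raw = signed_message.get_param("micalg")
    if raw is None:
        raise ValueError("multipart/signed message has no micalg parameter")
    # micalg may list several values; take the first. "sha-256" -> "sha256".
    name = raw.split(",")[0].strip().lower().replace("-", "")
    if name not in ALLOWED:
        raise ValueError("unsupported micalg: %r" % raw)
    return name


def compute_mic(signed_content, signed_message, configured=None):
    """Hash with the algorithm from the header; report a settings mismatch."""
    alg = effective_micalg(signed_message)
    mismatch = configured is not None and configured.lower().replace("-", "") != alg
    digest = base64.b64encode(hashlib.new(alg, signed_content).digest()).decode()
    return digest, alg, mismatch


if __name__ == "__main__":
    msg = email.message_from_string(SAMPLE)
    print(compute_mic(b"constructed signed content", msg, configured="sha1"))
```

Logging the mismatch flag makes it visible when the partner's signature-algorithm setting and the algorithm actually used by the signer disagree.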