tg44
commented
4 years ago I second this. Thunderbird seems to flag the signature as non-valid. Would be nice to get any info about how to solve/debug this.
Open simonebracaloni opened 4 years ago
tg44
commented
4 years ago I second this. Thunderbird seems to flag the signature as non-valid. Would be nice to get any info about how to solve/debug this.
tg44
commented
4 years ago I can reproduce this; https://gist.github.com/tg44/897b69e8539183b20d2ec6b316fcd25b
Test code; openssl smime -verify -in out3.email -noverify
In summary; if your email is not multipart, the sign will fail. If your mail is multipart, the sign will be ok! We have html emails, so with the nodemailer-html-to-text plugin it will probably work without any effort...
Asheboy
commented
2 years ago For anyone finding this and having issues with signing: to make your email multipart, you'll need both html and text properties on your sendMail call.
Signature verification with OpenSSL fails with:
Verification failure 4416570988:error:21FFF065:PKCS7 routines:func(4095):digest failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/pkcs7/pk7_doit.c:1040: 4416570988:error:21FFF069:PKCS7 routines:func(4095):signature failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/pkcs7/pk7_smime.c:407:
I followed the example and add my certificates, but the resulting message fail the smime verification with openssl with the message above. How we can debug?