Hi all,

Thanks for all responses regarding my multipart/signed questions. Some of
the problems I encountered were problems related to our own PKCS7 module.

Still I have found some interoperability problems when signing/verifying
MIME multipart bodies. Attached are four different S/MIME messages. The two
files ending in _fail could not be verified by openssl. These two files are
the two non _fail files modified with an extra CRLF added (see below).
However both _fail files could be verified by Outlook Express 5.0.

The two files starting with signed... were created by OE while the ones
named openssl... were created by (surprise!) openssl.

My conclusions are the following:

OE verifies:
----------------------------------------
Content-Type multipart/signed boundary=outer
--outer
Content-Type: multipart/something
boundary=inner //Signature starts on C
...
--inner
Content-Type: text/plain
...
--inner
Content-Type: text/html
...
--inner--
<CRLF> //Signature stops on first CRLF after ending inner boundary
<CRLF>
<CRLF>
<CRLF>
--outer
...
Openssl verifies:
-----------------------------------------
Content-Type multipart/signed boundary=outer
--outer
Content-Type: multipart/something
boundary=inner //Signature starts on C
...
--inner
Content-Type: text/plain
...
--inner
Content-Type: text/html
...
--inner--
<CRLF>
<CRLF>
<CRLF> //Signature stops at the second to last CRLF before the outer boundary.
<CRLF>
--outer
...
-------------------------------------------------------
When separating the inner multipart and the outer boundary with TWO
boundaries, OE and Openssl will verify the same data. Else one of them will
fail depending on who signed the data.
Signing and verifying a simple Mime body is interoperable.
/Peter
Attachments:
signed_multi.eml
signed_multi_fail.eml
openssl_multi_sign_sent.eml
openssl_multi_sign_sent_fail.eml
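
Added example, not part of the original post and not code from OpenSSL or Outlook Express: a Python model of the two end-of-signed-data rules drawn in the diagrams above, hashed over a constructed message to show when the two rules cover the same bytes. It assumes the count that matters is the number of CRLFs between `--inner--` and the following `--outer` line; the function names, the `multipart/alternative` type and the sample message are made up for illustration.

```python
import hashlib

CRLF = b"\r\n"

def build(n_crlf: int) -> bytes:
    """Constructed sample: n_crlf CRLFs between '--inner--' and '--outer'."""
    inner = (b"Content-Type: multipart/alternative; boundary=inner\r\n\r\n"
             b"--inner\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
             b"--inner\r\nContent-Type: text/html\r\n\r\n<p>hello</p>\r\n"
             b"--inner--")
    return (b"Content-Type: multipart/signed; boundary=outer\r\n\r\n"
            b"--outer\r\n" + inner + CRLF * n_crlf +
            b"--outer\r\nContent-Type: application/pkcs7-signature\r\n\r\n"
            b"(signature placeholder)\r\n--outer--\r\n")

def _start(raw: bytes, outer: bytes) -> int:
    """Offset of the first byte after the opening '--outer' delimiter line."""
    first = b"--" + outer + CRLF
    return raw.index(first) + len(first)

def covered_delimiter_rule(raw: bytes, outer: bytes = b"outer") -> bytes:
    """Rule shown for openssl in the post: the CRLF directly before the next
    '--outer' belongs to the delimiter; everything before it is signed."""
    start = _start(raw, outer)
    return raw[start:raw.index(CRLF + b"--" + outer, start)]

def covered_first_crlf_rule(raw: bytes, outer: bytes = b"outer",
                            inner: bytes = b"inner") -> bytes:
    """Rule shown for OE in the post: signed data ends with the first CRLF
    after the closing '--inner--' line."""
    start = _start(raw, outer)
    close = b"--" + inner + b"--"
    end = raw.index(close, start) + len(close)
    return raw[start:raw.index(CRLF, end) + len(CRLF)]

def digests_agree(n_crlf: int) -> bool:
    """True when both rules hash exactly the same bytes."""
    raw = build(n_crlf)
    a = hashlib.sha256(covered_delimiter_rule(raw)).digest()
    b = hashlib.sha256(covered_first_crlf_rule(raw)).digest()
    return a == b

if __name__ == "__main__":
    for n in (2, 3, 4):
        print(f"{n} CRLFs before --outer: same digest = {digests_agree(n)}")
```

With two CRLFs both rules end the signed data at `--inner--` plus one CRLF; each additional CRLF is hashed by the delimiter rule only, so the digests diverge.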