Open Bug 1858414 Opened 7 months ago Updated 5 months ago

S/MIME - email address returned all-lowercase

Categories

(NSS :: Libraries, enhancement, P3)

Tracking

(Not tracked)

People

(Reporter: liebundartig, Unassigned)

Attachments

(1 file)

Steps to reproduce:

I reported a bug for Evolution regarding S/MIME: https://gitlab.gnome.org/GNOME/evolution/-/issues/2542#note_1864836
Evolution's maintainer told me NSS functions are used. NSS_CMSSignerInfo_GetSignerEmailAddress() is used.

NSS version on Fedora 38 Workstation:
$ rpm -q nss
nss-3.93.0-1.fc38.x86_64

Actual results:

It returns the subject attribute value of the S/MIME certificate in all-lowercase, even if it is in mixed-case in the signature.

Expected results:

Microsoft Outlook displays the subject attribute value in mixed-case. In Evolution's certificate details window the "Identity" attribute value shows the expected mixed case, but the "Subject -> Email" attribute value uses all-lowercase.
Is there an advantage in making the display and comparison case-sensitive in NSS?

I think I found a wrong comment in the source:
NSS_CMSSignerInfo_GetSignerCommonName @ https://hg.mozilla.org/projects/nss/file/tip/lib/smime/cmssiginfo.c#l693
NSS_CMSSignerInfo_GetSignerEmailAddress @ https://hg.mozilla.org/projects/nss/file/tip/lib/smime/cmssiginfo.c#l713
Both read "return the common name of the signer". I guess the latter must be changed to "return the email address of the signer". If true, could you change it, please?

Kai, could you please check priority and severity for this, please? Thanks!

Flags: needinfo?(kaie)
Severity: -- → N/A
Priority: -- → P3

As I understand it, the complaint is that NSS incorrectly reports the signer's email address?

While the local name part of an email address is allowed to be case sensitive, I think that in practice it's usually treated as being case insensitive. That's probably why NSS returns the all-lowercase version, because it applies that conversion prior to comparison etc. operations.

I understand you're asking for a way to obtain an unmodified version of the email address.

I think we shouldn't change the behavior of the existing function, to avoid unexpected side effects.

We could add another function, e.g. NSS_CMSSignerInfo_GetLiteralSignerEmailAddress that returns the original value.

Would that solve the problem?

If the Evolution developers are interested in fixing this, please let me know, and we could consider adding that function.

Severity: N/A → S3
Flags: needinfo?(kaie)
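
The separation discussed in the comment above, as an added example that is not NSS or Evolution code: the literal address from the certificate is kept for display, and ASCII case folding happens only inside the comparison. The function names and sample addresses are constructed for illustration, and folding the local part is assumed to be a policy choice passed in as a flag.

```c
#include <stdio.h>
#include <string.h>

/* ASCII-only folding, independent of the process locale. */
static char ascii_lower(char c)
{
    return (c >= 'A' && c <= 'Z') ? (char)(c - 'A' + 'a') : c;
}

static int ascii_ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (ascii_lower(a[i]) != ascii_lower(b[i]))
            return 0;
    return 1;
}

/* Compare two addr-specs without modifying either string.
 * The domain is always matched case-insensitively; the local part is
 * folded only when fold_local is non-zero (a policy choice).
 * Returns 1 on match, 0 on mismatch or malformed input. */
int email_addr_equal(const char *a, const char *b, int fold_local)
{
    const char *at_a = a ? strrchr(a, '@') : NULL;
    const char *at_b = b ? strrchr(b, '@') : NULL;
    if (!at_a || !at_b)
        return 0;
    size_t local_a = (size_t)(at_a - a), local_b = (size_t)(at_b - b);
    size_t dom_a = strlen(at_a + 1), dom_b = strlen(at_b + 1);
    if (local_a == 0 || dom_a == 0 || local_a != local_b || dom_a != dom_b)
        return 0;
    if (!ascii_ieq(at_a + 1, at_b + 1, dom_a))
        return 0;
    return fold_local ? ascii_ieq(a, b, local_a)
                      : memcmp(a, b, local_a) == 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the bug report. */
    const char *cert_email = "John.Doe@Example.ORG"; /* literal, as in the certificate */
    const char *from_hdr = "john.doe@example.org";

    printf("display: %s\n", cert_email); /* shown unmodified */
    printf("match (folded local part): %d\n", email_addr_equal(cert_email, from_hdr, 1));
    printf("match (exact local part):  %d\n", email_addr_equal(cert_email, from_hdr, 0));
    return 0;
}
```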

> As I understand it, the complaint is that NSS incorrectly reports the signer's email address?
> ...
> I understand you're asking for a way to obtain an unmodified version of the email address.

Yes.

> I think we shouldn't change the behavior of the existing function, to avoid unexpected side effects.

I agree.

> We could add another function, e.g. NSS_CMSSignerInfo_GetLiteralSignerEmailAddress that returns the original value.
> Would that solve the problem?

Yes.

> If the Evolution developers are interested in fixing this, please let me know, and we could consider adding that function.

I asked downstream for feedback in the ticket mentioned above and will keep you posted here.

Downstream is fine with creation of a new function.

This isn't a priority, but I spent a few minutes hacking a patch.
I'd appreciate testing if this actually works.

Status: UNCONFIRMED → NEW
Ever confirmed: true

Thank you. I conveyed your message and will keep you posted.
