Re: [PATCH] PKCS#7 signed data handling in MHonArc

[Dominique Quatravaux <dom@idealx.com>]

> Cool.  Are you interested in making the modifications to reflect
> the filter API changes in MHonArc 2.5?  

 Well yes, but not quite right now, sorry (I worked on MHonArc as part
of another job assignment).

> . It appears the PKCS#7 filter requires no patches to the main
>   MHonArc code base.  Is this correct?

 Yes.

> . Can you supply how one would register the filter into MHonArc
>   via the MIMEFILTERS resource?

<MIMEFILTERS>
application/x-pkcs7-mime;IDX::MHOnArcAddOns::filter_pkcs7_mime;mhsite.pl
</MIMEFILTERS>

(you can change file and routine names at will of course)

> . Can you list any external dependencies the filter relies on
>   (e.g. openssl)?

This is the only one. Any version of openssl above 0.9.5 is OK, and
one does not need a configuration file nor a CA hierarchy (this is
what the -noverify option is for). Openssl refuses to output badly
signed text inside correct PKCS#7, though.

> I have not looked into the details of PKCS, but if has to deal
> with multipart/related messages (like SMIME), you can look at
> mhtxthtml.pl to see how a filter can access other parts of
> a message.  Focus on the resolve_cid() routine.

This what I did for 2.4.9. PKCS#7 is a binary format for signature,
its purpose is similar to SMIME except signatures are not
detachable. The payload (at the encapsulation level just under PKCS#7,
once the signature is removed) consists of a MIME document with many
missing headers. During the tests, I was able to deal with multipart
PKCS#7 payloads very well as I mentioned in the previous post.

> If the filter can be updated to be compatible with v2.5, I
> can include it into the standard distribution.

As soon as I have a little spare time, I will try this (and a little
page of documentation in plain text).

-- 
<< Tout n'y est pas parfait, mais on y honore certainement les jardiniers >>

			Dominique Quatravaux <dom@kilimandjaro.dyndns.org>