AquaMail Forum

English - Android => S/MIME => Topic started by: orchal on April 21, 2021, 10:19:30 am

Title: Error since s/MIME implementation with untrusted certs
Post by: orchal on April 21, 2021, 10:19:30 am

Hi,

Since the last update, AquaMail throws this error for untrusted cert in signed emails:

***** ERROR: Exception caught in processTask for [org.kman.AquaMail.mail.imap.ImapTask_Sync@1e3f45d, u = content://org.kman.AquaMail.data/accounts/9/folders/357, t = 69459769, a = [org.kman.AquaMail.mail.MailAccount@2ea6322: id = 9, username = xxxxxx, email = xxxxxx, name = xxxxx]]
org.kman.AquaMail.mail.smime.SMimeError: Failed to find proper S/MIME certificate
   at org.kman.AquaMail.cert.smime.e.a(SourceFile:39)
   at org.kman.AquaMail.cert.smime.e.a(SourceFile:10)
   at org.kman.AquaMail.mail.pop3.g.a(SourceFile:99)
   at org.kman.AquaMail.mail.pop3.g.a(SourceFile:11)
   at org.kman.AquaMail.mail.imap.ImapCmd_FetchRfc822$ImapCmd_FetchRfc822_Full.a(SourceFile:45)
   at org.kman.AquaMail.mail.imap.h.c(SourceFile:33)
   at org.kman.AquaMail.mail.imap.ImapCmd.k(SourceFile:1)
   at org.kman.AquaMail.mail.z.p(SourceFile:3)
   at org.kman.AquaMail.mail.imap.ImapCmd_FetchRfc822$ImapCmd_FetchRfc822_Full.run(SourceFile:1)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.a(SourceFile:1048)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.b(SourceFile:50)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.a(SourceFile:169)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.e(SourceFile:11)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.H(SourceFile:47)
   at org.kman.AquaMail.core.r.a(SourceFile:11)
   at org.kman.AquaMail.core.s$c.run(SourceFile:9)
   at java.lang.Thread.run(Thread.java:919)

There's no problem when the certificates are valid.

Thanks!

Title: Re: Error since s/MIME implementation with untrusted certs
Post by: orchal on April 27, 2021, 08:55:33 am

Hi,

The latest update does not fix the issue.
Like others threads here, we are taking about invalid server response.

I confirm that if I move emails with untrusted signature, it works.

Thanks!

Title: Re: Error since s/MIME implementation with untrusted certs
Post by: Anton Donchev on April 27, 2021, 01:13:59 pm

Hi orchal,

I'd like to ask how do you reproduce the issue, are you receiving mails signed with untrusted certificate or you are trying to sign an email with untrusted certificates.

In AquaMail we currently do not support signing/encrypting with Untrusted certificates as it is posing a security risk.

If someone is sending you such email it should not give you an error, but instead when you open the email in Security Info it should state that the Signature cannot be trusted.

Do you have an example of such email that you could send us as an eml?
Even better if you could generate such an email and send us an example to smime3@mobisystems.com?

Thanks,
Anton.

Title: Re: Error since s/MIME implementation with untrusted certs
Post by: Anton Donchev on April 27, 2021, 09:49:05 pm

Could you check if this is still happening in the latest version (1.29.1-1806) we released today?

Title: Re: Error since s/MIME implementation with untrusted certs
Post by: orchal on April 28, 2021, 09:47:42 am

Hi,

Great jobs, it works with the last update! Thanks!
The issue was with emails received with a wrong certificate, I'm surely not trying to do it myself hehe (that's part of my job to deliver signing certificates)!

I was expected that those kind of emails should warn about security but not crash the sync as you said, and you fix this issue.

I hope other "invalid server response" were thrown because of this statement.

Best regards