Author Topic: Error since s/MIME implementation with untrusted certs  (Read 5207 times)

orchal

  • Newbie
  • *
  • Posts: 3
Error since s/MIME implementation with untrusted certs
« on: April 21, 2021, 10:19:30 am »
Hi,

Since the last update, AquaMail throws this error for untrusted cert in signed emails:

***** ERROR: Exception caught in processTask for [org.kman.AquaMail.mail.imap.ImapTask_Sync@1e3f45d, u = content://org.kman.AquaMail.data/accounts/9/folders/357, t = 69459769, a = [org.kman.AquaMail.mail.MailAccount@2ea6322: id = 9, username = xxxxxx, email = xxxxxx, name = xxxxx]]
org.kman.AquaMail.mail.smime.SMimeError: Failed to find proper S/MIME certificate
   at org.kman.AquaMail.cert.smime.e.a(SourceFile:39)
   at org.kman.AquaMail.cert.smime.e.a(SourceFile:10)
   at org.kman.AquaMail.mail.pop3.g.a(SourceFile:99)
   at org.kman.AquaMail.mail.pop3.g.a(SourceFile:11)
   at org.kman.AquaMail.mail.imap.ImapCmd_FetchRfc822$ImapCmd_FetchRfc822_Full.a(SourceFile:45)
   at org.kman.AquaMail.mail.imap.h.c(SourceFile:33)
   at org.kman.AquaMail.mail.imap.ImapCmd.k(SourceFile:1)
   at org.kman.AquaMail.mail.z.p(SourceFile:3)
   at org.kman.AquaMail.mail.imap.ImapCmd_FetchRfc822$ImapCmd_FetchRfc822_Full.run(SourceFile:1)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.a(SourceFile:1048)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.b(SourceFile:50)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.a(SourceFile:169)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.e(SourceFile:11)
   at org.kman.AquaMail.mail.imap.ImapTask_Sync.H(SourceFile:47)
   at org.kman.AquaMail.core.r.a(SourceFile:11)
   at org.kman.AquaMail.core.s$c.run(SourceFile:9)
   at java.lang.Thread.run(Thread.java:919)

There's no problem when the certificates are valid.

Thanks!
« Last Edit: April 21, 2021, 10:21:44 am by orchal »

orchal

  • Newbie
  • *
  • Posts: 3
Re: Error since s/MIME implementation with untrusted certs
« Reply #1 on: April 27, 2021, 08:55:33 am »
Hi,

The latest update does not fix the issue.
Like others threads here, we are taking about invalid server response.

I confirm that if I move emails with untrusted signature, it works.

Thanks!

Anton Donchev

  • Newbie
  • *
  • Posts: 32
Re: Error since s/MIME implementation with untrusted certs
« Reply #2 on: April 27, 2021, 01:13:59 pm »
Hi orchal,

I'd like to ask how do you reproduce the issue, are you receiving mails signed with untrusted certificate or you are trying to sign an email with untrusted certificates.

In AquaMail we currently do not support signing/encrypting with Untrusted certificates as it is posing a security risk.

If someone is sending you such email it should not give you an error, but instead when you open the email in Security Info it should state that the Signature cannot be trusted.

Do you have an example of such email that you could send us as an eml?
Even better if you could generate such an email and send us an example to smime3@mobisystems.com?

Thanks,
Anton.
   AquaMail Developer

Anton Donchev

  • Newbie
  • *
  • Posts: 32
Re: Error since s/MIME implementation with untrusted certs
« Reply #3 on: April 27, 2021, 09:49:05 pm »
Could you check if this is still happening in the latest version (1.29.1-1806) we released today?
   AquaMail Developer

orchal

  • Newbie
  • *
  • Posts: 3
Re: Error since s/MIME implementation with untrusted certs
« Reply #4 on: April 28, 2021, 09:47:42 am »
Hi,

Great jobs, it works with the last update! Thanks!
The issue was with emails received with a wrong certificate, I'm surely not trying to do it myself hehe (that's part of my job to deliver signing certificates)!

I was expected that those kind of emails should warn about security but not crash the sync as you said, and you fix this issue.

I hope other "invalid server response" were thrown because of this statement.

Best regards