RealityRipple/S-Mime-Verification
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|
Repository files navigation
S/MIME Verification plugin for SquirrelMail =========================================== Ver 1.2, 2018/04/23 Copyleft (-) 2017-2019 Andrew Sachen <[email protected]> Copyright (c) 2005-2012 Paul Lesniewski <[email protected]> Copyright (c) 2005 Khedron Wilk <[email protected]> Copyright (c) 2004 Scott Heavner Copyright (c) 2003 Antonio Vasconcelos <[email protected]> Copyright (c) 2001-2003 Wouter Teepe <[email protected]> Description =========== This plugin enables the viewing of S/MIME signed messages (those that are sent in the "multipart/signed" mime format). The user is able to verify the message, the sender's certificate, and can view and download the certificate. This plugin requires OpenSSL to be installed, as it does not use the OpenSSL extensions of PHP (that is a *feature*, since the PHP extensions have been known to be buggy). Note that this plugin does NOT *generate* new S/MIME signed emails. See the file README.vasco for further tips. Donations ========= If you or your company make regular use of this software, please consider supporting Open Source development by donating to the authors or inquire about hiring them to consult on other projects. Donation/wish list links for the author(s) are as follows: Andrew Sachen: https://realityripple.com/donate.php?itm=Squirrel+S/MIME Paul Lesniewski: https://squirrelmail.org/donate_paul_lesniewski.php License ======= This plugin is released under the GNU General Public License (see COPYING for details). Requirements ============ * OpenSSL (ALWAYS have the newest version installed!) * SquirrelMail version 1.1.1 or above * If not using SquirrelMail 1.4.10+ or 1.5.2+, Compatibility plugin version 2.0.7 or above Troubleshooting =============== * Make sure the plugin is configured correctly by browsing to http://your-squirrelmail-location/src/configtest.php * If you experience problems related to the programs needed by this plugin (echo and openssl), typing "which echo" and "which openssl" on a command line can help. This plugin assumes you have these programs installed and available and should only be installed once you have those tools. * If you are uncertain why a certain signature is not verified (when you think it should be), you can execute the verification yourself on the command line. Find the message source file in your mail store and use it in the following command: cat <message file> | openssl smime -verify -CApath /etc/ssl/certs Change the CApath argument as necessary (same as you did in the configuration file for this plugin). You may also save the signer's certificate for further inspection: cat <message file> | openssl smime -verify -signer <new cert> -CApath /etc/ssl/certs Then you can display the signer's certificate details: openssl x509 -in <cert file> -text * If you make use of the included CA bundle and find that it falls out of date, you can always generate a new one yourself. A script called "mkcabundle.pl" is included in the data directory of this plugin that contains instructions on how to do so. View the contents of that script to learn how to get the newest list of root certificates and then how to convert them to the correct format. * If changes to the configuration file don't seem to be having any effect, ensure that you are editing the correct configuration file. If one is located in the main SquirrelMail config directory (named "config_smime.php"), it will always be used. Otherwise, "config.php" in the smime plugin directory will be used. Help Requests ============= Before looking for help elsewhere, please try to help yourself: * Read the Troubleshooting section herein. * Make sure the plugin is configured correctly by browsing to http://your-squirrelmail-location/src/configtest.php * Look to see if others have already asked about the same issue. There are tips and links for the best places to do this in the SquirrelMail mailing list posting guidelines: http://squirrelmail.org/wiki/MailingListPostingGuidelines You should also try Google or some other search engine. * If you cannot find any information about your issue, please first mail your help request to the squirrelmail-plugins mailing list. Information about it can be found here: http://lists.sourceforge.net/mailman/listinfo/squirrelmail-plugins You MUST read the mailing list posting guidelines (see above) and include as much information about your issue (and your system) as possible. Including configtest output, any debug output, the plugin configuration settings you've made and anything else you can think of to make it easier to diagnose your problem will get you the most useful responses. Inquiries that do not comply with the posting guidelines are liable to be ignored. * If you don't get any replies on the mailing list, you are welcome to send a help request to the authors' personal address(es), but please be patient with the mailing list. Change Log ========== v1.2 2018/04/23 Andrew Sachen <[email protected]> * Updated ca-bundle.crt * Standardized UID fetch, removing uid_support variable * Improve message body fetch failure response * Take send date into account * Display verify failure warnings v1.1 2017/10/13 Andrew Sachen <[email protected]> * Updated ca-bundle.crt * Fetch by UID and peek the body in all cases v1.1a 2015/07/02 Walter Hoehlhubmer <[email protected]> * Fix potential error messages and close PHP tags on files * Add states for unmodified, unverified unmodified, modified, unverified modified, and invalid signatures * Consolidate OpenSSL commands into a single script * Add complete cert viewer * Add SHA-1 and SHA-256 fingerprints v1.0 2012/01/01 Paul Lesniewski <[email protected]> * Improve email detection in signer certificates * Updated ca-bundle.crt (its location has also been changed, so if you use the $easycerts configuration setting, you will need to update it - see the example configuration file) * Remove use of deprecated ereg* functions v0.7 2008/09/19 Paul Lesniewski <[email protected]> * Fix issue where attachment would start showing below the message after having viewed the message at least once * Allow configuration files to be kept in the main SquirrelMail config directory * Updated for SquirrelMail 1.5.2 compatibility * Internationalized all output * General cleanup v0.6 2005/02/06 Paul Lesniewski <[email protected]> * Fixed command injection vulnerability (Thanks to iDEFENSE Labs for the professional manner in which they reported this issue) * Fixed superglobal access * Removed chdir statements * Distribution now only comes with config.php.sample * Other minor cleanup (SM_PATH, etc) v0.5 2004/05/04 Scott Heavner * Update for SquirrelMail v1.4.2 * Fix IMAP header/get code that was blowing up * Dumb-down setup.php - no includes unless we're doing something, move guts to functions.php * include ca-bundle.crt (dump of netscape's default root store certificates) * automatically create cert_in dir if not exists * add more detail to INSTALL * release v0.5 v0.4 2003/04/11 Antonio Vasconcelos <[email protected]> * Modified to work with squirrelmail 1.2.11, PHP 4.3.1, openssl 0.9.7a in linux with kernel 2.4.18 * See the file README.vasco v0.3 2002/02/08 Wouter Teepe <[email protected]> * Some small bugfixes v0.2 2001/10/25 Wouter Teepe <[email protected]> * ?
