View Issue Details

IDProjectCategoryView StatusLast Update
0005688SOGoWeb Mailpublic2023-01-29 14:54
ReporterMSK Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Platform[Server] LinuxOSRHEL/CentOSOS Version5
Product Version5.8.0 
Summary0005688: Password of official S/MIME certificate not accepted
Description

Recently I needed to renew my S/MIME certificate.
This certificate was issued by SwissSign.

Several tries of importing this certificate failed.

On the server side I received:
sogod FATAL: could not parse PKCS12 certificate with provided password: mac verify failure

I converted the certificate to a passwordless certificate and received:
sogod FATAL: could not parse PKCS12 certificate with provided password: unsupported

To verify I tried to import the certificate into Mozilla Thunderbird, which succeeded.

To doubleverify I created a self-signed certificate, again the import into sogo failed.

So there seems to be problem with sogo. The last time I imported a certificate sogo was at version 4.6.something.

Any clues?

Martin.

Steps To Reproduce

see above

Additional Information

The server is an opensuse server.

TagsNo tags attached.

Activities

MSK

MSK

2023-01-28 10:17

reporter   ~0016616

The last time I imported a certificate sogo was at version 5.6.something .

MSK

MSK

2023-01-29 14:54

reporter   ~0016617

I am glad that I can answer this myself:
Enabling debugging did not yield additional information.

However, the openssl version 3 library was/is the problem.
I built the latest version of SOGo with version 3.0.7 of the library (latest version).
This resulted in the failure.
When I reverted back to version 1.1.1 of the openssl library the import of the certificate succeeded.

So it is proven that version 5.8.0 of SOGo does not work with version 3.0.7 of openssl.

Martin.

Issue History

Date Modified Username Field Change
2023-01-28 10:11 MSK New Issue
2023-01-28 10:17 MSK Note Added: 0016616
2023-01-29 14:54 MSK Note Added: 0016617