Default canonicalization ("c" parameter) must be "simple/simple", not "relaxed/relaxed"
Bug #1839299 reported by
Cyril N.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dkimpy |
Fix Released
|
High
|
Scott Kitterman |
Bug Description
Hi!
I just spent an awful lot of time trying to figure out why Dkimpy was refusing messages that, when tested on other services (like https:/
After hours of searching, I discovered that by default, dkim py set the canonicalization policy to "relaxed/relaxed" (on the DomainSigner.
https:/
> c= Message canonicalization (plain-text; OPTIONAL, default is "simple/simple").
This is why some messages are refused by dkimpy where they shouldn't.
Changed in dkimpy: | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Scott Kitterman (kitterman) |
milestone: | none → 0.9.3 |
status: | In Progress → Fix Committed |
To post a comment you must log in.
Here's a quick fix in the meantime:
``` List, MessageFormatError, validate_ signature_ fields, re self,idx= 0,dnsfunc= get_txt) :
def patch_dkim():
from dkim import get_txt, parse_tag_value, InvalidTagValue
def new_verify(
sigheaders = [(x,y) for x,y in self.headers if x.lower() == b"dkim-signature"]
if len(sigheaders) <= idx:
return False
# By default, we validate the first DKIM-Signature line found. value(sigheader s[idx][ 1])
self. signature_ fields = sig ror(e)
try:
sig = parse_tag_
except InvalidTagValueList as e:
raise MessageFormatEr
self.domain = sig[b'd']
if b'c' not in sig:
sig[ b'c'] = b'simple/simple'
return self.verify_ sig(sig, include_headers, sigheaders[idx], dnsfunc)
dkim. DKIM.verify = new_verify
patch_dkim()
```