Debug "no AR headers found, chain terminated" when not the case?
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dkimpy |
Fix Released
|
High
|
Scott Kitterman |
Bug Description
Hi!
Using `dkimpy` v0.7, I stumble accross an odd behaviour.
Maybe I'm wrong and I missed a specification from the ARC RFC, but I saved a GMail basic message, containing headers like:
ARC-Seal
ARC-Message-
ARC-Authenticat
And tried to sign this email with my domain, using the following command:
arc_seal = dkim.ARC(data, logger=
The result is an empty string, with this message in the log:
> no AR headers found, chain terminated
Checking the code at this location, I found that you are searching for `Authentication
Shouldn't it be `ARC-Authentica
By the way, when the data is (considered) invalid, the `sign` function returns an empty string, but when successful, it returns an list.
Shouldn't it be better to stay consistent with the return value? Say, when there is an error, instead of returning an empty string, returning an empty list? This wouldn't break the code and/or force us to make tests on the results. (just a thought).
Thanks :)
Hello,
In dkimpy 0.7 the ARC signing API has changed. Instead of passing
"improvmx.com: none", dkim.CV_Pass
as the final arguments to the call, you simply would pass" improvmx.com",
which is the domain in the Authentication Results header, and the code will
parse the ARC validation value out of this header.
Regards,
=Gene
On Thu, Feb 8, 2018 at 2:01 AM, Cyril N. <email address hidden> wrote:
> Public bug reported: Signature ion-Results log).sign( 'arc-20171221' , id_rsa' , "rb").read(), "improvmx.com: none", -Results` headers. tion-Results` instead? Maybe that's what /bugs.launchpad .net/bugs/ 1748146 Signature ion-Results log).sign( 'arc-20171221' , id_rsa' , "rb").read(), "improvmx.com: -Results` headers. tion-Results` instead? Maybe that's
>
> Hi!
>
> Using `dkimpy` v0.7, I stumble accross an odd behaviour.
> Maybe I'm wrong and I missed a specification from the ARC RFC, but I saved
> a GMail basic message, containing headers like:
>
> ARC-Seal
> ARC-Message-
> ARC-Authenticat
>
> And tried to sign this email with my domain, using the following
> command:
>
> arc_seal = dkim.ARC(data, logger=
> 'improvmx.com', open('certs/
> dkim.CV_Pass)
>
> The result is an empty string, with this message in the log:
>
> > no AR headers found, chain terminated
>
> Checking the code at this location, I found that you are searching for
> `Authentication
>
> Shouldn't it be `ARC-Authentica
> is causing the issue?
>
> By the way, when the data is (considered) invalid, the `sign` function
> returns an empty string, but when successful, it returns an list.
>
> Shouldn't it be better to stay consistent with the return value? Say,
> when there is an error, instead of returning an empty string, returning
> an empty list? This wouldn't break the code and/or force us to make
> tests on the results. (just a thought).
>
> Thanks :)
>
> ** Affects: dkimpy
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of dkimpy
> developers, which is subscribed to dkimpy.
> https:/
>
> Title:
> Debug "no AR headers found, chain terminated" when not the case?
>
> Status in dkimpy:
> New
>
> Bug description:
> Hi!
>
> Using `dkimpy` v0.7, I stumble accross an odd behaviour.
> Maybe I'm wrong and I missed a specification from the ARC RFC, but I
> saved a GMail basic message, containing headers like:
>
> ARC-Seal
> ARC-Message-
> ARC-Authenticat
>
> And tried to sign this email with my domain, using the following
> command:
>
> arc_seal = dkim.ARC(data, logger=
> 'improvmx.com', open('certs/
> none", dkim.CV_Pass)
>
> The result is an empty string, with this message in the log:
>
> > no AR headers found, chain terminated
>
> Checking the code at this location, I found that you are searching for
> `Authentication
>
> Shouldn't it be `ARC-Authentica
> what is causing the issue?
>
> By the way, when the data is (considered) invalid, the `sign` function
> returns an empty string, but when successful, it returns an list.
>
> Shouldn't it be better to stay consistent with the return value? Say,
> when there is an error, instead of returning an empty string,
> returning an empty list...