From 7c9c115296bd582fbe5eaf5bfe5665189c943b5b Mon Sep 17 00:00:00 2001 From: Hadi Nategh Date: Wed, 6 Feb 2019 13:49:11 +0100 Subject: [PATCH] * Mail: fix not working sending and receiving smime signed messages where certificates have more than 1 domain registered (subjectAltName) --- addressbook/inc/class.addressbook_bo.inc.php | 13 ++++++++++--- api/src/Mail.php | 5 +++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/addressbook/inc/class.addressbook_bo.inc.php b/addressbook/inc/class.addressbook_bo.inc.php index 3f586c9bed..cf723d6fa6 100755 --- a/addressbook/inc/class.addressbook_bo.inc.php +++ b/addressbook/inc/class.addressbook_bo.inc.php @@ -303,10 +303,10 @@ class addressbook_bo extends Api\Contacts } else { - $criteria['contact_email'][] = $recipient = strtolower($recipient); + $criteria['contact_email_home'][] = $criteria['contact_email'][] = $recipient = strtolower($recipient); } } - foreach($this->search($criteria, array('account_id', 'contact_email', 'contact_pubkey', 'contact_id'), + foreach($this->search($criteria, array('account_id', 'contact_email', 'contact_email_home', 'contact_pubkey', 'contact_id'), '', '', '', false, 'OR', false, null) as $contact) { // first check for file and second for pubkey field (LDAP, AD or old SQL) @@ -315,7 +315,14 @@ class addressbook_bo extends Api\Contacts $contact['email'] = strtolower($contact['email']); if (empty($criteria['account_id']) || in_array($contact['email'], $recipients)) { - $result[$contact['email']] = $content; + if (in_array($contact['email_home'], $recipients)) + { + $result[$contact['email_home']] = $content; + } + else + { + $result[$contact['email']] = $content; + } } else { diff --git a/api/src/Mail.php b/api/src/Mail.php index 7fa923783e..758f58a747 100644 --- a/api/src/Mail.php +++ b/api/src/Mail.php @@ -7541,8 +7541,9 @@ class Mail 'signed' => true )); // check for email address if both signer email address and - // email address of sender are the same. - if (is_array($from) && strcasecmp($from[0], $cert->email) != 0) + // email address of sender are the same. It also takes subjectAltName emails into account. + if (is_array($from) && strcasecmp($from[0], $cert->email) != 0 + && stripos($metadata['certDetails']['extensions']['subjectAltName'],$from[0]) === false) { $metadata['unknownemail'] = true; $metadata['msg'] .= ' '.lang('Email address of signer is different from the email address of sender!');