[rt-devel] openssl and compatibility with S/MIMEv3.1

Alex Vandiver alexmv at bestpractical.com
Tue Dec 9 11:19:13 EST 2014


On 12/09/2014 06:58 AM, Marcos Orallo wrote:
> I plan to do a proper modification and pull request, but I thought it
> would be better asking in the list: is there any reason I am missing
> to keep using "openssl smime"?

Thanks for the thorough investigation!  I was not aware of `openssl
cms`.  I think the only reason I can think to use "openssl smime" is
that "openssl cms" was introduced in OpenSSL 1.0.  Though it was
backported to 0.9.8h, it is not enabled by default there.  As such,
Ubuntu Lucid and Debian squeeze, which are both distributions still
_nominally_ in some amount of support, and which meet all other
requirements to run RT 4.2, would be left in the lurch.

Since the command-line forms of "openssl smime" and "openssl cms" are
compatible, and we're already running `openssl list-standard-commands`,
care to switch the logic to check for cms then smime -- storing the
value in a $self->OpenSSLCommand, like is done with ->OpenSSLPath ?

Thanks again for doing the research.
 - Alex



More information about the rt-devel mailing list