Re: [exim] DKIM pubkey_dns_syntax

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] DKIM pubkey_dns_syntax
Jeremy Harris <jgh@???> (So 03 Dez 2017 16:00:25 CET):
> On 03/12/17 07:45, Torsten Tributh via Exim-users wrote:


> It's therefore legitimate (in standards-lawyer terms) to take the first
> TXT RR, find it fails validation, and give up. I'm assuming here that
> your "dig" output is showing two separate RRs; were they two strings in
> a single RR (I don't know if that can happen, but there's wording in the
> DKIM RFC implying so) then we should be concatenating the strings to
> get a dkim record to validate, and that will certainly not be valid.
>
> So, would it be more useful for exim to "cycle through the key records"
> per the alternate RFC permitted action? Probably, yes. Raise a
> wishlist-level bug if you're interested in that.


I've fixed it in such a way that I ignore leading non-DKIM records as soon
as I receive them from DNS. (Trailing non-DKIM records do not matter,
since the relevant function returns the 1st DKIM record it encounters,
as it did before, with the exception that it didn't return the first
DKIM record, but the first TXT record.)

If you'd like to check out and test in real life:

    git://git.exim.org/~heiko/exim.git 


The branch hs-fix-2207 contains an additional testsuite test
and a small one-liner fix.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
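
The selection rule discussed in this message, sketched as an added example (not code from the Exim tree or from the hs-fix-2207 branch): the strings of each TXT RR are joined, and the first RR that looks like a DKIM key record is returned. The `txt_rr` struct, the function names, the `looks_like_dkim_key` heuristic and the sample records are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One TXT RR as returned by DNS: one or more character-strings. */
struct txt_rr { const char *strings[4]; int nstrings; };

/* Assumed heuristic, not Exim's own test: a key record has a "p=" tag, and
   a "v=" tag, if present, is the first tag and equals "DKIM1" (RFC 6376). */
static int looks_like_dkim_key(const char *rec)
{
    int has_p = 0, idx = 0;
    for (const char *s = rec; *s; idx++) {
        char name = 0, val[8] = "";
        int eq = -1;                    /* %n sets it only once "x =" matched */
        sscanf(s, " %c = %n%7[^; \t\r\n]", &name, &eq, val);
        if (eq >= 0 && name == 'p') has_p = 1;
        if (eq >= 0 && name == 'v' && (idx != 0 || strcmp(val, "DKIM1") != 0))
            return 0;
        s += strcspn(s, ";");           /* advance to the next tag=value */
        if (*s == ';') s++;
    }
    return has_p;
}

/* First RR that looks like a DKIM key record, after joining its strings. */
int select_dkim_record(const struct txt_rr *rrs, int n, char *out, size_t outlen)
{
    for (int i = 0; i < n; i++) {
        size_t used = 0;
        int j;
        out[0] = '\0';
        for (j = 0; j < rrs[i].nstrings; j++) {
            size_t l = strlen(rrs[i].strings[j]);
            if (used + l >= outlen) break;          /* oversized RR: skip it */
            memcpy(out + used, rrs[i].strings[j], l + 1);
            used += l;
        }
        if (j == rrs[i].nstrings && looks_like_dkim_key(out)) return 1;
    }
    out[0] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed RRset: an SPF-style TXT first, then a key split in two. */
    struct txt_rr rrs[] = { {{"v=spf1 -all"}, 1}, {{"v=DKIM1; k=rsa; p=QUJD", "REVG"}, 2} };
    char rec[256];
    if (select_dkim_record(rrs, 2, rec, sizeof rec)) puts(rec);
    return 0;
}
```
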