Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Set the micalg header parameter correctly when using SHA-256.
This took me the better part of a day to research and figure out, so would appreciate a second pair of eyes and/or some testing. New-ish versions of openssl use SHA-256 as the message digest alg. when smime signing while other versions use SHA-1. This causes some clients to reject the signature, which I believe to be the correct behavior. PHP's openssl_pkcs7_* methods don't allow setting or reading the md method so we are left with either parsing the entire DER binary stream using something like phpseclib and pulling out the digest method, forgoing the openssl_* methods and call the openssl executable's smime tool to directly to do the signature, or we can use openssl executable's asn1parse command and search for a known string indicating SHA-256 is being used. The first option is overkill, the second option would defeat the purpose of having the more efficient openssl_* methods and would require writing out a copy of the private key to temporary storage, so I went with the third option.
- Loading branch information