SquirrelMail Plugin. Enables the viewing of S/MIME signed messages (those that are sent in the "multipart/signed" mime format). The user is able to verify the message, the sender's certificate, and can view and download the certificate.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


S/MIME Verification plugin for SquirrelMail
Ver 1.2, 2018/04/23

Copyleft  (-) 2017-2019 Andrew Sachen <webmaster@realityripple.com>
Copyright (c) 2005-2012 Paul Lesniewski <paul@squirrelmail.org>
Copyright (c) 2005 Khedron Wilk <khedron@wilk.se>
Copyright (c) 2004 Scott Heavner
Copyright (c) 2003 Antonio Vasconcelos <vasco@threatconn.com>
Copyright (c) 2001-2003 Wouter Teepe <wouter@teepe.com>


This plugin enables the viewing of S/MIME signed messages (those that
are sent in the "multipart/signed" mime format).  The user is able to
verify the message, the sender's certificate, and can view and download
the certificate.

This plugin requires OpenSSL to be installed, as it does not use the
OpenSSL extensions of PHP (that is a *feature*, since the PHP extensions
have been known to be buggy).

Note that this plugin does NOT *generate* new S/MIME signed emails.

See the file README.vasco for further tips.


If you or your company make regular use of this software,
please consider supporting Open Source development by
donating to the authors or inquire about hiring them to
consult on other projects.  Donation/wish list links for
the author(s) are as follows:

Andrew Sachen: https://realityripple.com/donate.php?itm=Squirrel+S/MIME
Paul Lesniewski: https://squirrelmail.org/donate_paul_lesniewski.php


This plugin is released under the GNU General Public
License (see COPYING for details).


  * OpenSSL (ALWAYS have the newest version installed!)

  * SquirrelMail version 1.1.1 or above

  * If not using SquirrelMail 1.4.10+ or 1.5.2+,
    Compatibility plugin version 2.0.7 or above


  * Make sure the plugin is configured correctly by browsing to

  * If you experience problems related to the programs needed by
    this plugin (echo and openssl), typing "which echo" and
    "which openssl" on a command line can help.  This plugin
    assumes you have these programs installed and available and
    should only be installed once you have those tools.

  * If you are uncertain why a certain signature is not verified
    (when you think it should be), you can execute the verification
    yourself on the command line.  Find the message source file in
    your mail store and use it in the following command:

       cat <message file> | openssl smime -verify -CApath /etc/ssl/certs

    Change the CApath argument as necessary (same as you did in
    the configuration file for this plugin).  You may also save
    the signer's certificate for further inspection:

       cat <message file> | openssl smime -verify -signer <new cert> -CApath /etc/ssl/certs

    Then you can display the signer's certificate details:

       openssl x509 -in <cert file> -text

  * If you make use of the included CA bundle and find that it
    falls out of date, you can always generate a new one yourself.
    A script called "mkcabundle.pl" is included in the data
    directory of this plugin that contains instructions on how to
    do so.  View the contents of that script to learn how to get
    the newest list of root certificates and then how to convert
    them to the correct format.

  * If changes to the configuration file don't seem to be having any
    effect, ensure that you are editing the correct configuration
    file.  If one is located in the main SquirrelMail config directory
    (named "config_smime.php"), it will always be used.  Otherwise,
    "config.php" in the smime plugin directory will be used.

Help Requests

Before looking for help elsewhere, please try to help yourself:

  * Read the Troubleshooting section herein.

  * Make sure the plugin is configured correctly by browsing to

  * Look to see if others have already asked about the same issue.
    There are tips and links for the best places to do this in
    the SquirrelMail mailing list posting guidelines:
    You should also try Google or some other search engine.

  * If you cannot find any information about your issue, please
    first mail your help request to the squirrelmail-plugins
    mailing list.  Information about it can be found here:
    You MUST read the mailing list posting guidelines (see above)
    and include as much information about your issue (and your
    system) as possible.  Including configtest output, any debug
    output, the plugin configuration settings you've made and
    anything else you can think of to make it easier to diagnose
    your problem will get you the most useful responses.  Inquiries
    that do not comply with the posting guidelines are liable to
    be ignored.

  * If you don't get any replies on the mailing list, you are
    welcome to send a help request to the authors' personal
    address(es), but please be patient with the mailing list.

Change Log

  v1.2  2018/04/23  Andrew Sachen <webmaster@realityripple.com>
    * Updated ca-bundle.crt
    * Standardized UID fetch, removing uid_support variable
    * Improve message body fetch failure response
    * Take send date into account
    * Display verify failure warnings

  v1.1  2017/10/13  Andrew Sachen <webmaster@realityripple.com>
    * Updated ca-bundle.crt
    * Fetch by UID and peek the body in all cases

  v1.1a 2015/07/02  Walter Hoehlhubmer <walter.h@mathemainzel.info>
    * Fix potential error messages and close PHP tags on files
    * Add states for unmodified, unverified unmodified, modified,
      unverified modified, and invalid signatures
    * Consolidate OpenSSL commands into a single script
    * Add complete cert viewer
    * Add SHA-1 and SHA-256 fingerprints

  v1.0  2012/01/01  Paul Lesniewski <paul@squirrelmail.org>
    * Improve email detection in signer certificates
    * Updated ca-bundle.crt (its location has also been
      changed, so if you use the $easycerts configuration
      setting, you will need to update it - see the example
      configuration file)
    * Remove use of deprecated ereg* functions

  v0.7  2008/09/19  Paul Lesniewski <paul@squirrelmail.org>
    * Fix issue where attachment would start showing below the
      message after having viewed the message at least once
    * Allow configuration files to be kept in the main
      SquirrelMail config directory
    * Updated for SquirrelMail 1.5.2 compatibility
    * Internationalized all output
    * General cleanup

  v0.6  2005/02/06  Paul Lesniewski <paul@squirrelmail.org>
    * Fixed command injection vulnerability (Thanks to iDEFENSE
      Labs for the professional manner in which they reported
      this issue)
    * Fixed superglobal access
    * Removed chdir statements
    * Distribution now only comes with config.php.sample
    * Other minor cleanup (SM_PATH, etc)

  v0.5  2004/05/04  Scott Heavner
    * Update for SquirrelMail v1.4.2
    * Fix IMAP header/get code that was blowing up
    * Dumb-down setup.php - no includes unless we're doing
      something, move guts to functions.php
    * include ca-bundle.crt (dump of netscape's default root
      store certificates)
    * automatically create cert_in dir if not exists
    * add more detail to INSTALL
    * release v0.5

  v0.4  2003/04/11  Antonio Vasconcelos <vasco@threatconn.com>
    * Modified to work with squirrelmail 1.2.11, PHP 4.3.1,
      openssl 0.9.7a in linux with kernel 2.4.18
    * See the file README.vasco

  v0.3  2002/02/08  Wouter Teepe <wouter@teepe.com>
    * Some small bugfixes

  v0.2  2001/10/25  Wouter Teepe <wouter@teepe.com>
    * ?