fix(mail): check if smime certificate matches sender address

Fixes #5407
Alinto · Nov 2, 2021 · ab67e7d · ab67e7d
1 parent 9622a1e
commit ab67e7d
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/UI/MailPartViewers/UIxMailPartSignedViewer.m b/UI/MailPartViewers/UIxMailPartSignedViewer.m
@@ -202,11 +202,15 @@ - (void) _processMessage
   if (validSignature)
     {
       BOOL hasMatchingAddress;
-      NSArray *pair;
+      NSArray *pair, *attributes;
       NSDictionary *certificate, *values;
       NSEnumerator *certificatesList, *subjectList;
       NSString *senderAddress, *label, *value;
 
+      // See https://datatracker.ietf.org/doc/html/rfc8550#section-3
+      // See https://datatracker.ietf.org/doc/html/rfc8550#section-4.4.3
+      // TODO: handle multiple email addresses in SubjectAltName
+      attributes = [NSArray arrayWithObjects: @"commonname", @"subjectaltname", @"emailaddress", nil];
       validationMessage = [self labelForKey: @"Message is signed"];
       hasMatchingAddress = NO;
       value = nil;
@@ -219,7 +223,7 @@ - (void) _processMessage
             {
               label = [[pair objectAtIndex: 0] lowercaseString];
               value = [[pair objectAtIndex: 1] lowercaseString];
-              if ([label isEqualToString: @"commonname"] && [value isEqualToString: senderAddress])
+              if ([attributes containsObject: label] && [value isEqualToString: senderAddress])
                 {
                   hasMatchingAddress = 1;
                 }