9503fd60b0
Final commit, I've learned my lesson
2025-10-16 04:01:34 +07:00
5b9aaba817
dkim files
2025-10-09 01:49:59 +07:00
21b9410f4f
Correctly handle verification of signatures without t= (timestamp) and with x= (expiration); both are optional (LP: 2071892)
2024-07-04 18:09:50 -04:00
1ffa2cb090
Correct signature in ARC-Seal on LF as linesep (LP: #2052720 ) - Thanks to Nikolay Vizovitin for the report and the fix
2024-06-23 17:26:31 -04:00
71f5d118e6
- Correct line separtor after AAR header field (LP: #2049018 ) - Thanks to Nikolay Vizovitin for the report and the fix
2024-06-23 17:16:44 -04:00
9380655a6e
Correct ARC signing for AR headers with authres-version or comments before resinfo (LP: #2052526 ) - Thanks to Nikolay Vizovitin for the report and the fix
2024-06-23 17:06:31 -04:00
ed5931c0c9
Fix error in validate_signature_fields which prevented signature expiration from being properly evaluated (LP: #2068937 )
2024-06-23 16:34:58 -04:00
073a0a1169
Use raw byte string for regex
...
Fixes SyntaxWarning in Python 3.12 due to invalid escape sequence.
2024-03-07 16:51:24 +01:00
8cf323d4ea
Confine errors from dnspython to dnsplug and use dkim errors, since dkim.__init__.py doesn't import dns and needs dkim errors (LP: #2018646 )
2023-05-12 01:13:46 -04:00
2fc00b0218
Catch nacl.exceptions.ValueError and raise KeyFormatError, similar to how RSA key errors are treated (LP: #2018021 )
2023-04-29 00:09:14 -04:00
264230308c
fix correct AMS header selection
...
When we are verifying the ARC seal we need to fetch the raw AMS header
from the header list. But it's not enough to return the first one we
find, since we may be interested in a different arc seal, we need
to search for the correct ARC index.
2023-03-30 16:02:46 +01:00
59e9dd2cb5
Correct base64 validation regexp so that valid signature with == split
...
between two lines are not incorrectly evaluated as invalid (LP:
#2002295 ) - Thanks to <https://launchpad.net/~obadz > for the report and
the proposed fix
2023-02-25 17:16:53 -05:00
2115a5e9f8
Invalid Authentication-Results header fields are ignored for ARC signing
...
(LP: #1884044 )
2023-02-25 17:10:17 -05:00
b74452d9da
Add new dkim.DnsTimeoutError class to report queried domain and selector
...
along with timeout error from dnspython (LP: #1873449 )
2023-02-25 16:44:06 -05:00
233a9699ed
Add USE_ASYNC flag to allow async to be disabled when aiodns is
...
installed (LP: #1954331 ) - see README.md for details
2023-02-25 16:25:20 -05:00
f4dff24d68
Add domain validity check for ascii domains (no specials)
2022-01-16 18:21:10 -05:00
6dcaaac712
Provide more specific error message when ed25519 private key is invalid
2021-11-24 15:37:06 -05:00
9c8e46eb5c
Fix @param srv_id typos (LP: #1890532 )
2020-08-08 17:04:34 -04:00
095f68d943
- Correct dkim.verify processing to avoid errors when verifying messages
...
with no DKIM signatures
2020-04-06 00:27:04 -04:00
443aed143a
- Correct signature indexing error introduced in 1.0.0 that prevents
...
verification of multiple signatures in a single message
2020-01-15 11:03:07 -05:00
5a0824108d
Provide specialized error message when signing or verifying ed25519
...
signatures and pynacl is not installed (LP: #1854475 )
2019-12-15 01:12:02 -05:00
f680dd879b
Merge async work into master for 1.0
2019-12-09 09:18:25 -05:00
7173c0cbcc
Catch binascii related key format errors (LP: #1854477 )
2019-12-08 02:43:57 -05:00
7972217756
DKIM.verify: Refactor to minimize code duplication in dkim.asyncsupport.
2019-11-05 21:36:06 -05:00
9bdb451cd8
DKIM.verify_sig: Refactor to minimize code duplication in dkim.asyncsupport.
2019-11-05 21:10:28 -05:00
3de1dc0362
Refactor load_pk_from_dns to reduce code duplication between async and non-async.
2019-11-05 08:34:13 -05:00
2973852fbb
- Add new DKIM.present function to allow applications to test if a DKIM
...
signature is present without doing validation (LP: #1851141 )
2019-11-03 11:57:30 -05:00
3dda94ca2d
Initial async support - works but so much overriding ...
2019-11-02 11:15:36 -04:00
fa93e56fa2
Minor timeout and tlsprt cleanups
2019-11-01 17:22:15 -04:00
ebe8fc7c77
Add support for RFC 8460 tlsrpt DKIM signature processing (LP: #1847020 )
2019-10-31 20:53:06 -04:00
5487f798ac
Documentation updates
2019-10-30 18:52:36 -04:00
1f2597a666
- Add new timeout parameter to enable DNS lookup timeouts to be adjusted
...
- Drop usage of pymilter Milter.dns in dnsplug since it doesn't support
havine a timeout passed to it
2019-10-30 18:46:31 -04:00
6db388df39
Ignore unknown service types in key records (LP: #1847020 )
2019-10-07 08:34:05 -04:00
8365b52ac8
- Fix default canonicalization for DKIM signature verification to be
...
simple/simple per RFC 6376 (LP: #1839299 ) (Thanks to Cyril Nicodème for
the report and a suggested fix)
2019-08-09 09:21:26 -04:00
7766ffd7ab
Update copyright statements
2019-04-14 22:57:35 -04:00
a1b6e73ae1
- Add additional text documenting use of srv_id for ARC signing (LP: #1808301 )
2019-04-14 22:21:45 -04:00
aa5419b7d9
Fix cv=none processing for initial signature in chain
2019-04-14 22:17:41 -04:00
439d66e1e1
Resolve merge conflicts
2019-04-13 21:21:49 -04:00
93e647c8de
Set maxlen to 71 for subsequent lines since we already have a leading space (LP: #1823006 ), make doctest demonstrate the problem.
2019-04-13 20:53:16 -04:00
118e854889
- Clarify the crlf does not count towards line length in fold
...
(LP: #1823008 )
2019-04-13 15:05:04 -04:00
43c91feac6
Document content debugging parameter.
2018-12-31 09:17:53 -05:00
4175d75534
Merge remote-tracking branch 'upstream/master' into content_debugging
2018-12-31 09:10:24 -05:00
6bc38aaf9b
add line separator support
2018-12-23 13:26:05 +01:00
6b4127f920
Don't insert an extra space at the end of the line when doing a soft fold.
...
Trailing whitespaces are best avoided.
2018-12-12 21:30:56 -05:00
2d474d6b04
Do not take the name length into account on the second line when folding.
...
Setting namelen could have no effect, my guess is that this was the
original intention of the code.
This results in more efficient usage of lines.
2018-12-12 21:14:08 -05:00
82bef5983b
Don't log message content by default.
...
Right now, it is quite easy to end up logging the whole message in the
log when verifying signatures. This can result in wasted resources
writing the log to disk and increasing memory usage. This can also be
a private data leak if logging is put in DEBUG in a production
environment.
2018-12-12 15:30:47 -05:00
c3eb342611
Fixed ARC verification to fail is h= tag is present in Arc-Seal, added test, bumped version to start 0.9.1
2018-11-09 19:58:11 -05:00
267e62115e
- Added missing documentation for timestamp function dkim.arc_sign
...
(LP: #1800314 )
2018-10-30 11:52:43 -04:00
09d4c3d84d
Fix @since for add_should_not
2018-10-30 11:40:20 -04:00
8032276b57
Bump version to 0.9.0 since this is now a feature release
...
- Update oversigned (frozen) header field list to reduce signature
fragility (removes 'date' and 'subject' fields from being oversigned by
default - see usage section of README for information on how to restore
the previous behavior)
- Added new add_should_not for DKIM/ARC classes to prevent additional
header fields from being signed
- Added 'from' to should sign list (to prevent it from not being signed at
all in the unusual event that 'from' is locally removed from the frozen
header field set (LP: #1525048 )
- Updates for experimental ARC support:
- Specified that for ARC, Authentication-Results should not be signed
2018-10-30 11:29:09 -04:00
Diskette Guy