095f68d943
- Correct dkim.verify processing to avoid errors when verifying messages
...
with no DKIM signatures
2020-04-06 00:27:04 -04:00
443aed143a
- Correct signature indexing error introduced in 1.0.0 that prevents
...
verification of multiple signatures in a single message
2020-01-15 11:03:07 -05:00
dc2f7f07f2
- dknewkey: On posix operating systems set file permissions to 600 for ed25519 private key files (as is already done for RSA) (LP: #1857827 )
2019-12-31 01:17:19 -05:00
5a0824108d
Provide specialized error message when signing or verifying ed25519
...
signatures and pynacl is not installed (LP: #1854475 )
2019-12-15 01:12:02 -05:00
6c5f701131
Follow CNAMES when looking up key records when using DNS (pydns)
...
(LP: #1856421 )
2019-12-15 00:42:31 -05:00
f680dd879b
Merge async work into master for 1.0
2019-12-09 09:18:25 -05:00
7173c0cbcc
Catch binascii related key format errors (LP: #1854477 )
2019-12-08 02:43:57 -05:00
4d2f425ae3
- Support signature verification with SubjectPublicKeyInfo formatted keys
...
since, although rare, they are RFC 6376 specified (LP: #1851862 )
2019-11-08 23:19:17 -05:00
5893862e31
New keys and test cases for RSA key format variants like RSAPublicKey
2019-11-08 23:13:26 -05:00
7972217756
DKIM.verify: Refactor to minimize code duplication in dkim.asyncsupport.
2019-11-05 21:36:06 -05:00
9bdb451cd8
DKIM.verify_sig: Refactor to minimize code duplication in dkim.asyncsupport.
2019-11-05 21:10:28 -05:00
3de1dc0362
Refactor load_pk_from_dns to reduce code duplication between async and non-async.
2019-11-05 08:34:13 -05:00
2973852fbb
- Add new DKIM.present function to allow applications to test if a DKIM
...
signature is present without doing validation (LP: #1851141 )
2019-11-03 11:57:30 -05:00
3dda94ca2d
Initial async support - works but so much overriding ...
2019-11-02 11:15:36 -04:00
2dc071962d
Don't error out on dnsplug tests is DNS/dns isn't installed as preparation for adding async/aiodns support
2019-11-01 17:24:16 -04:00
fa93e56fa2
Minor timeout and tlsprt cleanups
2019-11-01 17:22:15 -04:00
ebe8fc7c77
Add support for RFC 8460 tlsrpt DKIM signature processing (LP: #1847020 )
2019-10-31 20:53:06 -04:00
69049feda1
Add test for l= processing
2019-10-31 20:45:20 -04:00
5487f798ac
Documentation updates
2019-10-30 18:52:36 -04:00
1f2597a666
- Add new timeout parameter to enable DNS lookup timeouts to be adjusted
...
- Drop usage of pymilter Milter.dns in dnsplug since it doesn't support
havine a timeout passed to it
2019-10-30 18:46:31 -04:00
6db388df39
Ignore unknown service types in key records (LP: #1847020 )
2019-10-07 08:34:05 -04:00
8365b52ac8
- Fix default canonicalization for DKIM signature verification to be
...
simple/simple per RFC 6376 (LP: #1839299 ) (Thanks to Cyril Nicodème for
the report and a suggested fix)
2019-08-09 09:21:26 -04:00
0019bad372
- Fix linesep setting in arcsign script (LP: #1838262 ) (Thanks to Gowtham
...
Gopalakrishnan for the report and the patch)
2019-08-04 17:51:27 -04:00
7766ffd7ab
Update copyright statements
2019-04-14 22:57:35 -04:00
a1b6e73ae1
- Add additional text documenting use of srv_id for ARC signing (LP: #1808301 )
2019-04-14 22:21:45 -04:00
aa5419b7d9
Fix cv=none processing for initial signature in chain
2019-04-14 22:17:41 -04:00
0ce3775afa
Fix the arcsign script so it works with the current API
2019-04-14 22:10:36 -04:00
1bf505995f
Clean up obsolete test data
2019-04-13 21:35:43 -04:00
439d66e1e1
Resolve merge conflicts
2019-04-13 21:21:49 -04:00
fd3f501787
Update dkim/tests/test_arc.py for changes in dkim.fold
2019-04-13 20:54:13 -04:00
93e647c8de
Set maxlen to 71 for subsequent lines since we already have a leading space (LP: #1823006 ), make doctest demonstrate the problem.
2019-04-13 20:53:16 -04:00
118e854889
- Clarify the crlf does not count towards line length in fold
...
(LP: #1823008 )
2019-04-13 15:05:04 -04:00
43c91feac6
Document content debugging parameter.
2018-12-31 09:17:53 -05:00
4175d75534
Merge remote-tracking branch 'upstream/master' into content_debugging
2018-12-31 09:10:24 -05:00
6bc38aaf9b
add line separator support
2018-12-23 13:26:05 +01:00
25b2eb72b2
Merge remote-tracking branch 'jbfzs/beautifold'
2018-12-23 01:54:39 -05:00
6b4127f920
Don't insert an extra space at the end of the line when doing a soft fold.
...
Trailing whitespaces are best avoided.
2018-12-12 21:30:56 -05:00
2d474d6b04
Do not take the name length into account on the second line when folding.
...
Setting namelen could have no effect, my guess is that this was the
original intention of the code.
This results in more efficient usage of lines.
2018-12-12 21:14:08 -05:00
82bef5983b
Don't log message content by default.
...
Right now, it is quite easy to end up logging the whole message in the
log when verifying signatures. This can result in wasted resources
writing the log to disk and increasing memory usage. This can also be
a private data leak if logging is put in DEBUG in a production
environment.
2018-12-12 15:30:47 -05:00
882d14c514
Avoid making a fresh slice of the whole email on each iteration.
...
An update to yesterday's patch. Should avoid copying the mail byte
string more than once.
Tested on Python 2.7 and 3.6.
2018-12-12 13:41:48 -05:00
7dee16a5b1
Refactor canonicalization.py strip_trailing_lines to avoid using re for more consistent processing across python versions
2018-12-11 14:34:34 -05:00
72f58200e3
- Refactored dknewkey so that it correctly writes out text instead of bytes
2018-12-08 17:32:56 -05:00
c3eb342611
Fixed ARC verification to fail is h= tag is present in Arc-Seal, added test, bumped version to start 0.9.1
2018-11-09 19:58:11 -05:00
267e62115e
- Added missing documentation for timestamp function dkim.arc_sign
...
(LP: #1800314 )
2018-10-30 11:52:43 -04:00
09d4c3d84d
Fix @since for add_should_not
2018-10-30 11:40:20 -04:00
8032276b57
Bump version to 0.9.0 since this is now a feature release
...
- Update oversigned (frozen) header field list to reduce signature
fragility (removes 'date' and 'subject' fields from being oversigned by
default - see usage section of README for information on how to restore
the previous behavior)
- Added new add_should_not for DKIM/ARC classes to prevent additional
header fields from being signed
- Added 'from' to should sign list (to prevent it from not being signed at
all in the unusual event that 'from' is locally removed from the frozen
header field set (LP: #1525048 )
- Updates for experimental ARC support:
- Specified that for ARC, Authentication-Results should not be signed
2018-10-30 11:29:09 -04:00
82d01d8a42
- Raise error when ARC signing if i= instance limit value of 50 is
...
exceeded
2018-10-30 08:55:32 -04:00
cd0ebc1ecb
- Updates for experimental ARC support:
...
- Limit to rsa-sha256, rsa-sha1 not used by ARC and multi-signature
design TBD
2018-10-30 08:13:06 -04:00
5349a9f813
Add support for EAI addresses in domains and selectors (John Levine)
2018-10-29 21:55:12 -04:00
3c2beaf70e
- Python 3.7 compatibility fixup for dkim.canonicalization.
...
strip_trailing_lines due to changed RE.sub() processing (LP: #1800313 )
2018-10-29 19:53:12 -04:00
Scott Kitterman