Commit 1be67193 authored by sikeda's avatar sikeda

[bug] If an incoming message is encrypted, certificates of list members exist...

[bug] If an incoming message is encrypted and certificates of list members exist but any of them is invalid, message distribution by bulk.pl aborts and some of the list members do not receive any messages.
Fixed by replacing outgoing messages with error messages if re-encryption by bulk.pl fails.


git-svn-id: https://subversion.renater.fr/sympa/branches/sympa-6.2-branch@12577 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
parent 06089955
......@@ -10154,24 +10154,24 @@ sub do_send_me {
'on');
 
# Check if re-encryption is possible.
if ($message->{'smime_crypted'}) {
unless ($message->dup->smime_encrypt($param->{'user'}{'email'})) {
# If encryption failed, send a generic error message:
# X509 cert missing.
$message = Sympa::Message->new_from_template(
$list,
'x509-user-cert-missing',
$param->{'user'}{'email'},
{ 'mail' => {
'sender' => $message->{sender},
'subject' => $message->{decoded_subject},
},
}
);
} else {
# Otherwise shelve re-encryption with S/MIME.
$message->{shelved}{smime_encrypt} = 1;
}
if ($message->{smime_crypted}) {
# unless ($message->dup->smime_encrypt($param->{'user'}{'email'})) {
# # If encryption failed, send a generic error message:
# # X509 cert missing.
# $message = Sympa::Message->new_from_template(
# $list,
# 'x509-user-cert-missing',
# $param->{'user'}{'email'},
# { 'mail' => {
# 'sender' => $message->{sender},
# 'subject' => $message->{decoded_subject},
# },
# }
# );
# } else {
# # Otherwise shelve re-encryption with S/MIME.
$message->{shelved}{smime_encrypt} = 1;
# }
}
 
# Overwrite original envelope sender. It is REQUIRED for delivery.
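Review bot: The comment `# Check if re-encryption is possible.` above this block no longer matches the code, because the new side only sets `$message->{shelved}{smime_encrypt} = 1` and performs no check. Reword it to something like `# Shelve S/MIME re-encryption; a failure is handled later, when the outgoing message is re-encrypted.` The commented-out `unless ... else` block should be deleted rather than kept, since the history preserves the old code and a dead copy of certificate handling invites someone to re-enable it in the wrong place. do_send_me starts and ends outside the hunk.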
......
......@@ -1637,35 +1637,37 @@ sub get_recipients_per_mode {
next;
}
# Message should be re-encrypted, however, user certificate is missing.
if ($message->{'smime_crypted'}
and not -r $Conf::Conf{'ssl_cert_dir'} . '/'
. tools::escape_chars($user->{'email'})
and not -r $Conf::Conf{'ssl_cert_dir'} . '/'
. tools::escape_chars($user->{'email'} . '@enc')) {
my $subject = $message->{'decoded_subject'};
my $sender = $message->{'sender'};
unless (
Sympa::send_file(
$self,
'x509-user-cert-missing',
$user->{'email'},
{ 'mail' =>
{'subject' => $subject, 'sender' => $sender},
'auto_submitted' => 'auto-generated'
}
)
) {
$log->syslog(
'notice',
'Unable to send template "x509-user-cert-missing" to %s',
$user->{'email'}
);
}
next;
}
#XXX Following will be done by ProcessOutgoing spindle.
# # Message should be re-encrypted, however, user certificate is
# # missing.
# if ($message->{'smime_crypted'}
# and not -r $Conf::Conf{'ssl_cert_dir'} . '/'
# . tools::escape_chars($user->{'email'})
# and not -r $Conf::Conf{'ssl_cert_dir'} . '/'
# . tools::escape_chars($user->{'email'} . '@enc')) {
# my $subject = $message->{'decoded_subject'};
# my $sender = $message->{'sender'};
# unless (
# Sympa::send_file(
# $self,
# 'x509-user-cert-missing',
# $user->{'email'},
# { 'mail' =>
# {'subject' => $subject, 'sender' => $sender},
# 'auto_submitted' => 'auto-generated'
# }
# )
# ) {
# $log->syslog(
# 'notice',
# 'Unable to send template "x509-user-cert-missing" to %s',
# $user->{'email'}
# );
# }
# next;
# }
# # Otherwise it may be shelved encryption.
# Otherwise it may be shelved encryption.
if ($user->{'reception'} eq 'txt') {
if ($user->{'bounce_address'}) {
push @tabrcpt_txt_verp, $user->{'email'};
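Review bot: With the certificate check commented out, a subscriber with no readable certificate is no longer skipped by `next` and is pushed onto the recipient lists below, so keeping the decrypted message away from that subscriber now depends entirely on the later re-encryption step failing closed. The `#XXX` comment should state this, for example `# Missing or invalid certificates are handled at re-encryption time by the ProcessOutgoing spindle, which substitutes the x509-user-cert-missing notice.` (this matches what the _twist hunk appears to do), and the commented-out block can then be deleted. The added line `# # Otherwise it may be shelved encryption.` duplicates the live comment directly after it. get_recipients_per_mode starts and ends outside the hunk.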
......
......@@ -321,8 +321,19 @@ sub _twist {
$list,
$rcpt
);
# Quarantine packet into bad spool.
return undef;
# If encryption failed, send a generic error message:
# X509 cert missing.
my $entity = Sympa::Message->new_from_template(
$list,
'x509-user-cert-missing',
$rcpt,
{ 'mail' => {
'sender' => $new_message->{sender},
'subject' => $new_message->{decoded_subject},
},
}
)->as_entity;
$new_message->set_entity($entity);
}
delete $new_message->{shelved}{smime_encrypt};
}
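Review bot: The chained `->as_entity` on `Sympa::Message->new_from_template(...)` has no check for a failed template build. The contract of new_from_template is not visible here, but if it can return undef, the call dies inside _twist and distribution aborts again, which is the failure this commit sets out to remove. Build the notice first and keep the old fail-closed path when it is missing: `my $notice = Sympa::Message->new_from_template(...);`, then `return undef unless $notice;` before `$new_message->set_entity($notice->as_entity);`. The fallback matters because `delete $new_message->{shelved}{smime_encrypt}` runs right after, and the packet must not continue with its decrypted entity once that flag is gone. _twist starts and ends outside the hunk.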
......