You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Yes indeed the doc string is copy pasted, my bad :)
The validation of the mic happens in Mdn.parse
adiroiban
changed the title
cms.verify_message should validate the value of Received-Content-MIC
cms.verify_message should validate the value of Received-Content-MIC for unsigned sent files or fail when MIC is missing.
Aug 7, 2020
Also, when sending a plain file, without signature, but requesting a signed MDN, the MIC is also not checked since I guess the orig_message.mic does not have a MIC.
When validating a MDN, the current code only checks for a valid signature.
But I think that it should also read the Received-Content-MIC value and make sure it is the expected value.
Also, I think that the docstring has a copy/paste error.
I guess that the verify_message arguments should be extended to also pass the expected MIC value.
Thanks!
The text was updated successfully, but these errors were encountered: