BUG REPORT: Error "invalid byte sequence for encoding" When Sending Mail Through PGP Universal

Article:TECH200733

Created: 2012-12-11

Updated: 2012-12-11

Article URL http://www.symantec.com/docs/TECH200733

Article Type
Technical Solution

Product(s)

Show all

Languages

Show all

Problem

Certificates being used with a "commonName" attribute with ISO8859-1 encoding instead of the correct i.e. "T.61String" or "UTF8String" encoding.

This is not compliant with RFC 3641 (http://tools.ietf.org/rfc/rfc3641.txt) 3.3.b) "ChoiceOfStrings Types" which defines:
   b) The component type of each alternative is one of the following
      ASN.1 restricted string types: NumericString, PrintableString,
      TeletexString (T61String), VideotexString, IA5String,
      GraphicString, VisibleString (ISO646String), GeneralString,
      BMPString, UniversalString or UTF8String.

Unfortunately, it's quite common with several vendors and products like OpenSSL, Microsoft Internet Explorer and Netscape to use ISO-8859-1 instead of the standard compliant encoding.

Error

After importing such a certificate into PGP Universal and sending a mail though the server as the imported user the following error might occur.

SMTP-00000: SMTP connection from 10.0.0.100:22797 (local address is 10.0.0.1:25)
SMTP-00000: message <86B77CEC485E2B489038F5A375F10D55034AC8@internal.tld> from sender@internal.tld (1 recipient)
SMTP-00000: SQL command execution error: ERROR: invalid byte sequence for encoding "UTF8": 0xf8
SMTP-00000: error handling SMTP DATA event: unknown error
SMTP-00000: pgpproxy: Error processing SMTP message, awaiting next client command. (-11980)
SMTP-00000: connection from 10.0.0.100:22797 closed

Environment

PGP Universal versions below 3.2.1 MP5 (build 5033) using certificates with ISO-8859-1 encoded "commonName" attribute.

Cause

PGP Universal expects the "commonName" attribute to be UTF8 and fails parsing it if a non standard compliant encoding is used.

Solution

In PGP Universal 3.2.1 MP5 a fix was implemented to handle such certificates.
If the "commonName" attribute is not UTF-8 it is considered ISO-8859-1 to be compliant with other vendors that use this non standard configuration.

Per the Release Notes:
2950213: PGP Universal Server now supports the T.61 character set for the commonName attribute on imported X.509 certificates.

This version/Maintenance Pack is available for download via your account on Symantec File Connect.

Supplemental Materials

Source	ETrack
Value	2950213