BUG REPORT: Error "invalid byte sequence for encoding" When Sending Mail Through PGP Universal
|Article:TECH200733|||||Created: 2012-12-11|||||Updated: 2012-12-11|||||Article URL http://www.symantec.com/docs/TECH200733|
Certificates being used with a "commonName" attribute with ISO8859-1 encoding instead of the correct i.e. "T.61String" or "UTF8String" encoding.
This is not compliant with RFC 3641 (http://tools.ietf.org/rfc/rfc3641.txt) 3.3.b) "ChoiceOfStrings Types" which defines:
ASN.1 restricted string types: NumericString, PrintableString,
TeletexString (T61String), VideotexString, IA5String,
GraphicString, VisibleString (ISO646String), GeneralString,
BMPString, UniversalString or UTF8String.
Unfortunately, it's quite common with several vendors and products like OpenSSL, Microsoft Internet Explorer and Netscape to use ISO-8859-1 instead of the standard compliant encoding.
After importing such a certificate into PGP Universal and sending a mail though the server as the imported user the following error might occur.
SMTP-00000: SMTP connection from 10.0.0.100:22797 (local address is 10.0.0.1:25)
SMTP-00000: message <86B77CEC485E2B489038F5A375F10D55034AC8@internal.tld> from firstname.lastname@example.org (1 recipient)
SMTP-00000: SQL command execution error: ERROR: invalid byte sequence for encoding "UTF8": 0xf8
SMTP-00000: error handling SMTP DATA event: unknown error
SMTP-00000: pgpproxy: Error processing SMTP message, awaiting next client command. (-11980)
SMTP-00000: connection from 10.0.0.100:22797 closed
PGP Universal versions below 3.2.1 MP5 (build 5033) using certificates with ISO-8859-1 encoded "commonName" attribute.
PGP Universal expects the "commonName" attribute to be UTF8 and fails parsing it if a non standard compliant encoding is used.
In PGP Universal 3.2.1 MP5 a fix was implemented to handle such certificates.
If the "commonName" attribute is not UTF-8 it is considered ISO-8859-1 to be compliant with other vendors that use this non standard configuration.
Per the Release Notes:
2950213: PGP Universal Server now supports the T.61 character set for the commonName attribute on imported X.509 certificates.
This version/Maintenance Pack is available for download via your account on Symantec File Connect.
Article URL http://www.symantec.com/docs/TECH200733