BUG REPORT: Error "invalid byte sequence for encoding" When Sending Mail Through PGP Universal

Article:TECH200733  |  Created: 2012-12-11  |  Updated: 2012-12-11  |  Article URL http://www.symantec.com/docs/TECH200733
Article Type
Technical Solution

Product(s)

Issue



Certificates being used with a "commonName" attribute with ISO8859-1 encoding instead of the correct i.e. "T.61String" or "UTF8String" encoding.
 

This is not compliant with RFC 3641 (http://tools.ietf.org/rfc/rfc3641.txt) 3.3.b) "ChoiceOfStrings Types" which defines:
   b) The component type of each alternative is one of the following
      ASN.1 restricted string types: NumericString, PrintableString,
      TeletexString (T61String), VideotexString, IA5String,
      GraphicString, VisibleString (ISO646String), GeneralString,
      BMPString, UniversalString or UTF8String.

Unfortunately, it's quite common with several vendors and products like OpenSSL, Microsoft Internet Explorer and Netscape to use ISO-8859-1 instead of the standard compliant encoding.

 


Error



After importing such a certificate into PGP Universal and sending a mail though the server as the imported user the following error might occur.

SMTP-00000: SMTP connection from 10.0.0.100:22797 (local address is 10.0.0.1:25)
SMTP-00000: message <86B77CEC485E2B489038F5A375F10D55034AC8@internal.tld> from sender@internal.tld (1 recipient)
SMTP-00000: SQL command execution error: ERROR: invalid byte sequence for encoding "UTF8": 0xf8
SMTP-00000: error handling SMTP DATA event: unknown error
SMTP-00000: pgpproxy: Error processing SMTP message, awaiting next client command. (-11980)
SMTP-00000: connection from 10.0.0.100:22797 closed


Environment



PGP Universal versions below 3.2.1 MP5 (build 5033) using certificates with ISO-8859-1 encoded "commonName" attribute.


Cause



PGP Universal expects the "commonName" attribute to be UTF8 and fails parsing it if a non standard compliant encoding is used.


Solution



In PGP Universal 3.2.1 MP5 a fix was implemented to handle such certificates.
If the "commonName" attribute is not UTF-8 it is considered ISO-8859-1 to be compliant with other vendors that use this non standard configuration.

Per the Release Notes:
2950213: PGP Universal Server now supports the T.61 character set for the commonName attribute on imported X.509 certificates.

 

This version/Maintenance Pack is available for download via your account on Symantec File Connect.


Supplemental Materials

SourceETrack
Value2950213


Article URL http://www.symantec.com/docs/TECH200733


Terms of use for this information are found in Legal Notices