BUG REPORT: Error "invalid byte sequence for encoding" When Sending Mail Through PGP Universal

book

Article ID: 157456

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

Certificates being used with a "commonName" attribute with ISO8859-1 encoding instead of the correct i.e. "T.61String" or "UTF8String" encoding.
 

This is not compliant with RFC 3641 (http://tools.ietf.org/rfc/rfc3641.txt) 3.3.b) "ChoiceOfStrings Types" which defines:
   b) The component type of each alternative is one of the following
      ASN.1 restricted string types: NumericString, PrintableString,
      TeletexString (T61String), VideotexString, IA5String,
      GraphicString, VisibleString (ISO646String), GeneralString,
      BMPString, UniversalString or UTF8String.

Unfortunately, it's quite common with several vendors and products like OpenSSL, Microsoft Internet Explorer and Netscape to use ISO-8859-1 instead of the standard compliant encoding.

 

After importing such a certificate into PGP Universal and sending a mail though the server as the imported user the following error might occur.

SMTP-00000: SMTP connection from 10.0.0.100:22797 (local address is 10.0.0.1:25)
SMTP-00000: message <[email protected]> from [email protected] (1 recipient)
SMTP-00000: SQL command execution error: ERROR: invalid byte sequence for encoding "UTF8": 0xf8
SMTP-00000: error handling SMTP DATA event: unknown error
SMTP-00000: pgpproxy: Error processing SMTP message, awaiting next client command. (-11980)
SMTP-00000: connection from 10.0.0.100:22797 closed

Cause

PGP Universal expects the "commonName" attribute to be UTF8 and fails parsing it if a non standard compliant encoding is used.

Resolution

In PGP Universal 3.2.1 MP5 a fix was implemented to handle such certificates.
If the "commonName" attribute is not UTF-8 it is considered ISO-8859-1 to be compliant with other vendors that use this non standard configuration.

Per the Release Notes:
2950213: PGP Universal Server now supports the T.61 character set for the commonName attribute on imported X.509 certificates.

 

This version/Maintenance Pack is available for download via your account on Symantec File Connect.


Applies To

PGP Universal versions below 3.2.1 MP5 (build 5033) using certificates with ISO-8859-1 encoded "commonName" attribute.