backendIMAP: S/MIME decryption broken for IOS 12.x devices with z-push



  • When receiving encrypted email on IOS 12.x thru z-push, the IOS devices now complains with:

    “This message is encrypted. Install a profile containing your encryption identity to decrypt this message”

    The correct certificate is deployed and was working in previous IOS versions.

    It turns out that IOS 12.x does not like the fix from KD 2015-06-04:

    backend/imap/imap.php:
    
                        case SYNC_BODYPREFERENCE_MIME:
                            if ($is_smime) {
                                if ($is_encrypted) {
                                    // #190, KD 2015-06-04 - If message body is encrypted only send the headers, as data should only be in the attachment
                                    // IOS 12.x now doesn't like to get just the headers:
                                    // $data = $mail_headers;
                                    $data = $mail;
                                }
                                else {
                                    $data = $mail;
    

    returning $mail instead of $mail_headers for encrypted mime fixes message reading again on all our IOS devices, however that patch is sloppy. I think should add version check to either return $mail or $mail_headers. Also not sure at what IOS version exactly needs that change.


Log in to reply