The libopendkim documentation states that "dkim_add_xtag() can be called
at any time prior to signature generation" which apoears to be true.
However, in my testing, in order for the 'x' tag to be included as part
of the signature calculation, dkim_add_xtag() needs to be called prior
to dkim_eom(). Otherwise, dkim_get_sighdr_d() will include the 'x' tag
in the header, but it wouldn't have been included in the signature
calculation, therefore verification will always fail.
I think that the dkim_add_xtag() documentation should be fixed to
reflect this behavior.
That being said, is there a way for an application to extract an 'x' tag
from a verifying handle?
--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University
Received on Fri Aug 31 2012 - 16:46:24 PST