Hi,
I'm getting the following error/warning when sending compressed messages with mendelson opensource AS2 1.1 b27 as sender and OpenAS2 as receiver:
The Message Integrity Code (MIC) does not match the sent AS2 message...
After a bit of debugging, it seems that mendelson server is calculating the MIC against the decompressed data instead of the signed data. (http://tools.ietf.org/html/draft-ietf-ediint-compression-12)
Am I right or I am doing something wrong ?
Regards,
Gabi
jorgero,
we will check the MIC calculation for this case, thank you. Anyway, you are right for signed messages:
"For any signed message, the MIC to be returned is calculated over the same data that was signed in the original message as per [AS1].The signed content will be a mime bodypart that contains either compressed or uncompressed data."
Regards
Heller
Gabi,
we fixed this, it will be available in the next version
Regards
Heller
It sounds great!
Big thanks,
Gabi
Hello,
I though that OpenAS2 did not handle compression at all...
Is it new ?
If not, it can explain bad MIC compute ...
crownedgrouse,
It was an error in our implementation, we computed the MIC over the uncompressed data, not the data to be signed.
Regards
Heller