Cisco Email Security Appliance C160 User Guide

User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
 
Chapter 9: Using Message Filters to Enforce Email Policies
Message Filter Rules
The escaping rules for the signed-certificate rule’s regular expressions differ from the escaping rules defined in LDAP-UTF8 by limiting escaping to only the characters that require escaping. LDAP-UTF8 allows optional escaping for characters that can be represented without escaping. For example, the following two strings are considered correct for “Example, Inc.” using the LDAP-UTF8 escaping rules:
Example\, Inc.
Example\,\ Inc\.
However, the signed-certificate rule only matches Example\, Inc. The regular expression does not allow escaping the space and period for matching because these characters do not require escaping, even though escaping them is permitted in LDAP-UTF8. When creating a regular expression for the signed-certificate rule, do not escape a character if it can be represented without escaping.
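An added example, not taken from the Cisco guide: a Python check that reduces one LDAP-escaped attribute value to the form that carries only required escapes, so a string can be verified before it is used with the signed-certificate rule. The function names are hypothetical, and the set of characters that must be escaped is an assumption taken from RFC 4514, since the guide does not list it.

```python
import re

# Characters that must always be escaped inside an attribute value.
# Assumption: this set comes from RFC 4514; the guide does not list it.
ALWAYS_ESCAPED = set('"+,;<>\\')
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def unescape_value(value):
    """Decode every backslash escape in one LDAP attribute value."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if HEX_PAIR.fullmatch(pair):      # \2C style hex escape
                out.append(int(pair, 16))
                i += 3
            else:                             # \, or an optional escape like \.
                out += value[i + 1].encode("utf-8")
                i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def minimal_escape(raw):
    """Escape only the characters that cannot be written unescaped."""
    last = len(raw) - 1
    parts = []
    for i, ch in enumerate(raw):
        required = (ch in ALWAYS_ESCAPED
                    or (i == 0 and ch in " #")
                    or (i == last and ch == " "))
        parts.append("\\" + ch if required else ch)
    return "".join(parts)

def normalize(value):
    """Return the minimally escaped form of an escaped attribute value."""
    return minimal_escape(unescape_value(value))

def is_minimal(value):
    """True if the value is already in its minimally escaped form."""
    return value == normalize(value)

# Constructed check using the two strings from the text above.
if __name__ == "__main__":
    for candidate in (r"Example\, Inc.", r"Example\,\ Inc\."):
        print(candidate, "->", normalize(candidate), is_minimal(candidate))
```

The functions operate on a single attribute value, not on a whole distinguished name such as CN=Auth,O=Example\, Inc.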
$CertificateSigners Action Variable
The action variable $CertificateSigners is a comma-separated list of signers obtained from the subjectAltName element of the signing certificate. Multiple email addresses of a single signer will be included in the list with duplicates removed.
For example, Alice signs a message with her two certificates. Bob signs the message with his single certificate. All certificates are issued by a single corporate authority. After the message passes the S/MIME scan, the extracted data contain three items:
[
  {
    'issuer': 'CN=Auth,O=Example\, Inc.',
    'signer': ['alice@example.com', 'al@private.example.com']
  },
  {
    'issuer': 'CN=Auth,O=Example\, Inc.',
    'signer': ['alice@example.com', 'al@private.example.com']
  },
  {
    'issuer': 'CN=Auth,O=Example\, Inc.',
    'signer': ['bob@example.com', 'bob@private.example.com']
  }
]
The $CertificateSigners variable expands to:
"alice@example.com, al@private.example.com, bob@example.com, bob@private.example.com"