Fixed another "There is already an open DataReader" error

jstedfast · jstedfast · commit 230db541fce6 · 2025-03-05T09:56:29.000-05:00
X509CertificateDatabase.Find(...) methods keep the DataReader open until we break out of the foreach loop and CreateCmsSigner(record) invokes another db command, so we need to break out of the foreach loop before calling CreateCmsSigner(record). Fixes #1142 (comment)
diff --git a/MimeKit/Cryptography/DefaultSecureMimeContext.cs b/MimeKit/Cryptography/DefaultSecureMimeContext.cs
@@ -559,6 +559,7 @@ CmsSigner CreateCmsSigner (X509CertificateRecord record, DigestAlgorithm digestA
 		protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorithm digestAlgo)
 		{
 			X509CertificateRecord domain = null;
+			X509CertificateRecord signer = null;
 
 			foreach (var record in dbase.Find (mailbox, DateTime.UtcNow, true, CmsSignerFields)) {
 				if (record.KeyUsage != X509KeyUsageFlags.None && (record.KeyUsage & DigitalSignatureKeyUsageFlags) == 0)
@@ -573,11 +574,15 @@ protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorit
 					continue;
 				}
 
-				return CreateCmsSigner (record, digestAlgo);
+				signer = record;
+				break;
 			}
 
-			if (domain != null)
-				return CreateCmsSigner (domain, digestAlgo);
+			// fall back to a domain-wide signing certificate if an explicit signer was not found
+			signer ??= domain;
+
+			if (signer != null)
+				return CreateCmsSigner (signer, digestAlgo);
 
 			throw new CertificateNotFoundException (mailbox, "A valid signing certificate could not be found.");
 		}

Original file line number	Diff line number	Diff line change
`@@ -559,6 +559,7 @@ CmsSigner CreateCmsSigner (X509CertificateRecord record, DigestAlgorithm digestA`
`559`	`559`	`protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorithm digestAlgo)`
`560`	`560`	`{`
`561`	`561`	`X509CertificateRecord domain = null;`
	`562`	`+ X509CertificateRecord signer = null;`
`562`	`563`
`563`	`564`	`foreach (var record in dbase.Find (mailbox, DateTime.UtcNow, true, CmsSignerFields)) {`
`564`	`565`	`if (record.KeyUsage != X509KeyUsageFlags.None && (record.KeyUsage & DigitalSignatureKeyUsageFlags) == 0)`
`@@ -573,11 +574,15 @@ protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorit`
`573`	`574`	`continue;`
`574`	`575`	`}`
`575`	`576`
`576`		`- return CreateCmsSigner (record, digestAlgo);`
	`577`	`+ signer = record;`
	`578`	`+ break;`
`577`	`579`	`}`
`578`	`580`
`579`		`- if (domain != null)`
`580`		`- return CreateCmsSigner (domain, digestAlgo);`
	`581`	`+ // fall back to a domain-wide signing certificate if an explicit signer was not found`
	`582`	`+ signer ??= domain;`
	`583`	`+`
	`584`	`+ if (signer != null)`
	`585`	`+ return CreateCmsSigner (signer, digestAlgo);`
`581`	`586`
`582`	`587`	`throw new CertificateNotFoundException (mailbox, "A valid signing certificate could not be found.");`
`583`	`588`	`}`