Bug 152189

Summary: [RHEL4] s/mime digitally signed messages are not validated.
Product: Red Hat Enterprise Linux 4 Reporter: Jason Smith <smithj4>
Component: evolutionAssignee: Matthew Barnes <mbarnes>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: 4.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-03 07:30:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jason Smith 2005-03-25 20:50:34 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050322 Red Hat/1.7.6-1.4.1

Description of problem:
We are using s/mime signed email as part of our secure authorization service, but messages that I receive and view with evolution are never recognized as having valid s/mime signatures.  I even tested this with a message that I signed with my own certificate and sent to others in our group and viewed in the Sent folder.

Version-Release number of selected component (if applicable):
evolution-2.0.2-14

How reproducible:
Always

Steps to Reproduce:
1. Import my certificate into evolution.
2. Send a signed message to a co-worker who can validate my email with MS Outlook.
3. Either look in evolution's Sent folder or send a copy to myself also.
4. Read the email and evolution claims that the email has an "Invalid signature"

  

Actual Results:  evolution could not verify the digital signature properly.

Expected Results:  It should be validated since the same email viewed by co-workers using MS Outlook are validated properly.

Additional info:
Comment 1 Jason Smith 2005-03-28 22:26:52 UTC 
I would like to amend this bug report.  I discovered while importing a CA cert
into evolution that it prompts how you would like to trust the CA, letting you
edit its trust settings.  When I imported my personal cert like I described above,
which included the whole certificate chain, it did also import the root CA cert,
but it never asked me how I would like to trust it and just imported it with all
trust settings disabled.  Therefore, evolution wouldn't even trust email signed by
my own cert.  I had to manually edit the root CA and enable trusting it.  When
importing a whole certificate chain, including CAs that have never been seen
before, evolution should also prompt the user how they would like to trust that
new CA.
Comment 2 Matthew Barnes 2007-01-09 18:29:28 UTC 
This was never proposed for RHEL-4.

Is the problem still present in RHEL-5?
Comment 3 Matěj Cepl 2007-08-31 21:11:33 UTC 
Reporter, could you please reply to the previous question? If you won't reply in
one month, this bug will be closed as INSUFFICIENT_DATA. Thank you.
Comment 4 Jason Smith 2007-08-31 21:25:45 UTC 
I can't answer this because I haven't upgraded to RHEL5 yet.  Does this mean
that support for evolution in RHEL4 is done?
Comment 5 Matthew Barnes 2007-08-31 22:34:39 UTC 
Support for Evolution 2.0.2 in RHEL4 will continue for security updates only. 
RHEL4.6 will include an optional upgrade to the Evolution 2.8, similar to what
shipped in RHEL5.
Comment 6 Matthew Barnes 2008-02-03 07:30:07 UTC 
Evolution 2.0.2 is only being updated for security issues.  Closing as WONTFIX.
 Feel free to reopen if this bug is still present in the "evolution28" package.