Bug 449721

Summary: evolution problems signing (not encrypting) with SSL cert
Product: [Fedora] Fedora Reporter: Andrew Grimberg <tykeal>
Component: evolutionAssignee: Matthew Barnes <mbarnes>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 9CC: mcrha
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-03 13:57:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Andrew Grimberg 2008-06-03 05:41:20 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20080416 Fedora/ Firefox/

Description of problem:
I recently upgraded from Fedora 8 to Fedora 9 and evolution started complaining when trying to send signed mail.  I get a dialog stating this:

'Could not create message.

Because "Cannot add SMIMEEncKeyPrefs attribute", you may need to select different mail options.'

This is a transplanted configuration by using the 'Backup Settings' tool in Evolution on Fedora 8.

The mail will send if I disable S/MIME Sign and do an S/MIME Encrypt.

I went so far as to build a clean Evolution profile and reimported my certificate to the exact same results.

A side note, encrypted messages that setup to be include self as an encryptee can not be read.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Acquire SSL signing certificate (I'm using a free one from Thawte)
2. Import SSL certificate
3. Add certificate to email account for signing and encrypting
4. Verify that 'Digitally sign outging messages (by default)' and 'Also encrypt to self when sending encrypted mail' are selected in the Security setup.
5. Generate a mail and try sending (make sure Security->S/MIME Sign is selected)
6. See annoying dialog box
7. For testing Encryption (only) unselect Security->S/MIME Sign and select Security->S/MIME Encrypt
8. Notice mail is sent
9. Check sent mail and try reading message and see 'Decoder failed, error -8147'

Actual Results:
Phase 1 (up to step 6) I see an error dialog telling me that Evolution "Cannot add SMIMEEncKeyPrefs attribute".

Step 7 - 9 I get a mail generated but am unable to read the message that was supposed to be self encrypted back to me in the Sent folder.

Expected Results:
Mail should have been sent signed and / or encrypted with the ability to decrypt the sent mail.

Additional info:

Comment 1 Andrew Grimberg 2008-06-03 13:06:41 UTC
Just an update.  As I was doing my encryption testing to my account at work
which is currently checked from a Fedora 7 (evolution-2.10.3-9) system.  The
encryption worked just fine (as in I can decrypt the message) however, as
stated, the mail couldn't be signed so the receiving end states that it can't
guarantee authenticity since it isn't signed.

Comment 2 Milan Crha 2008-06-03 13:24:17 UTC
Do you see any error messages on the console when trying this in F9? I'm not
sure whether these are shown on the evolution's or evolution-data-server's
console, though. (To run evolution-data-server on its own console, you should
close evolution and run command "evolution --force-shutdown" first, because
there cannot run more than one eds instance at the moment).

Comment 3 Matthew Barnes 2008-06-03 13:33:05 UTC
You might also try this:

Comment 4 Andrew Grimberg 2008-06-03 13:52:27 UTC
Yes, that was the problem all along.  I find it frustrating that the error isn't
clear enough to tell you what the real problem is.

Thank you for the help.  Google hadn't turned that one up during all my
searching yesterday, guess I hadn't found the right search string.

Comment 5 Matthew Barnes 2008-06-03 13:57:17 UTC
I imagine Evolution is just echoing back whatever error message the underlying
encryption tool gave.  But yes, point taken about it not being very helpful.

I'll close this as NOTABUG, then.  The usability aspects will have to be dealt
with upstream.