From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8b4) Gecko/20050811 Firefox/1.0+

Description of problem:
Using personal S/MIME email certificates from Thawte, tested to work fine with both Apple Mail and Mozilla Thunderbird, I could send signed messages from Evolution just fine, but when receiving signed emails they are said to have 'Invalid signature' . clicking on the message status yields this:

The signature of this message cannot be verified, it
may have been altered in transit.

Signer: John Doe <j.doe@acme.corp>: Signing certificate not trusted

When trying to /send/ an encrypted email, Evolution acts as if the Thawte certificate cannot be used to encrypt, even though its own certificate manager says otherwise:

Could not create message.

Because "Cannot add SMIMEEncKeyPrefs attribute", you may
need to select different mail options.




Version-Release number of selected component (if applicable):
evolution-2.2.3-2.fc4, mozilla-nss-1.7.10-1.5.1

How reproducible:
Always

Steps to Reproduce:
1. Get two Thawte certificates from thawte.com
2. Send signed e-mails from one to the other
3. (Try) sending encrypted e-mails
  

Actual Results:  Evolution sends signed e-mails fine but the signatures cannot be verified (the same e-mail, accessed by Thunderbird using IMAP, verifies just fine).

Evolution fails to encrypt, described above; again, Thunderbird works just fine.

There is no way to add the received certificate to the list of contacts' public certificates, nor to declare the certificate trusted.

Expected Results:  Evolution should work similarly to Thunderbird - perhaps this is fixed in a future version? I checked the CVS ChangeLog but didn't see any S/MIME update recently. Maybe it's a problem with the version of NSS it's linked against?

Additional info: