Bug 165821 - S/MIME signature verification always fails, encryption never works
Summary: S/MIME signature verification always fails, encryption never works
Alias: None
Product: Fedora
Classification: Fedora
Component: evolution
Version: 4
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Dave Malcolm
QA Contact:
Depends On:
Blocks: FC4Update
TreeView+ depends on / blocked
Reported: 2005-08-12 15:50 UTC by Michel Alexandre Salim
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-08-12 23:48:31 UTC
Type: ---

Attachments (Terms of Use)

Description Michel Alexandre Salim 2005-08-12 15:50:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8b4) Gecko/20050811 Firefox/1.0+

Description of problem:
Using personal S/MIME email certificates from Thawte, tested to work fine with both Apple Mail and Mozilla Thunderbird, I could send signed messages from Evolution just fine, but when receiving signed emails they are said to have 'Invalid signature' . clicking on the message status yields this:

The signature of this message cannot be verified, it
may have been altered in transit.

Signer: John Doe <j.doe@acme.corp>: Signing certificate not trusted

When trying to /send/ an encrypted email, Evolution acts as if the Thawte certificate cannot be used to encrypt, even though its own certificate manager says otherwise:

Could not create message.

Because "Cannot add SMIMEEncKeyPrefs attribute", you may
need to select different mail options.

Version-Release number of selected component (if applicable):
evolution-2.2.3-2.fc4, mozilla-nss-1.7.10-1.5.1

How reproducible:

Steps to Reproduce:
1. Get two Thawte certificates from thawte.com
2. Send signed e-mails from one to the other
3. (Try) sending encrypted e-mails

Actual Results:  Evolution sends signed e-mails fine but the signatures cannot be verified (the same e-mail, accessed by Thunderbird using IMAP, verifies just fine).

Evolution fails to encrypt, described above; again, Thunderbird works just fine.

There is no way to add the received certificate to the list of contacts' public certificates, nor to declare the certificate trusted.

Expected Results:  Evolution should work similarly to Thunderbird - perhaps this is fixed in a future version? I checked the CVS ChangeLog but didn't see any S/MIME update recently. Maybe it's a problem with the version of NSS it's linked against?

Additional info:

Comment 1 Michel Alexandre Salim 2005-08-12 23:48:31 UTC
My mistake. When a new certificate issuer is first encountered by Evolution, it
is not trusted to certify anything. Editing the trust level for the certificate
issuer results in the mails being verified properly.

Note You need to log in before you can comment on or make changes to this bug.