From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8b4) Gecko/20050811 Firefox/1.0+
Description of problem:
Using personal S/MIME email certificates from Thawte, tested to work fine with both Apple Mail and Mozilla Thunderbird, I could send signed messages from Evolution just fine, but when receiving signed emails they are said to have 'Invalid signature' . clicking on the message status yields this:
The signature of this message cannot be verified, it
may have been altered in transit.
Signer: John Doe <firstname.lastname@example.org>: Signing certificate not trusted
When trying to /send/ an encrypted email, Evolution acts as if the Thawte certificate cannot be used to encrypt, even though its own certificate manager says otherwise:
Could not create message.
Because "Cannot add SMIMEEncKeyPrefs attribute", you may
need to select different mail options.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Get two Thawte certificates from thawte.com
2. Send signed e-mails from one to the other
3. (Try) sending encrypted e-mails
Actual Results: Evolution sends signed e-mails fine but the signatures cannot be verified (the same e-mail, accessed by Thunderbird using IMAP, verifies just fine).
Evolution fails to encrypt, described above; again, Thunderbird works just fine.
There is no way to add the received certificate to the list of contacts' public certificates, nor to declare the certificate trusted.
Expected Results: Evolution should work similarly to Thunderbird - perhaps this is fixed in a future version? I checked the CVS ChangeLog but didn't see any S/MIME update recently. Maybe it's a problem with the version of NSS it's linked against?
My mistake. When a new certificate issuer is first encountered by Evolution, it
is not trusted to certify anything. Editing the trust level for the certificate
issuer results in the mails being verified properly.