From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8b4) Gecko/20050811 Firefox/1.0+ Description of problem: Using personal S/MIME email certificates from Thawte, tested to work fine with both Apple Mail and Mozilla Thunderbird, I could send signed messages from Evolution just fine, but when receiving signed emails they are said to have 'Invalid signature' . clicking on the message status yields this: The signature of this message cannot be verified, it may have been altered in transit. Signer: John Doe <j.doe>: Signing certificate not trusted When trying to /send/ an encrypted email, Evolution acts as if the Thawte certificate cannot be used to encrypt, even though its own certificate manager says otherwise: Could not create message. Because "Cannot add SMIMEEncKeyPrefs attribute", you may need to select different mail options. Version-Release number of selected component (if applicable): evolution-2.2.3-2.fc4, mozilla-nss-1.7.10-1.5.1 How reproducible: Always Steps to Reproduce: 1. Get two Thawte certificates from thawte.com 2. Send signed e-mails from one to the other 3. (Try) sending encrypted e-mails Actual Results: Evolution sends signed e-mails fine but the signatures cannot be verified (the same e-mail, accessed by Thunderbird using IMAP, verifies just fine). Evolution fails to encrypt, described above; again, Thunderbird works just fine. There is no way to add the received certificate to the list of contacts' public certificates, nor to declare the certificate trusted. Expected Results: Evolution should work similarly to Thunderbird - perhaps this is fixed in a future version? I checked the CVS ChangeLog but didn't see any S/MIME update recently. Maybe it's a problem with the version of NSS it's linked against? Additional info:
My mistake. When a new certificate issuer is first encountered by Evolution, it is not trusted to certify anything. Editing the trust level for the certificate issuer results in the mails being verified properly.