Bug 165821 - S/MIME signature verification always fails, encryption never works
S/MIME signature verification always fails, encryption never works
Product: Fedora
Classification: Fedora
Component: evolution (Show other bugs)
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Malcolm
Depends On:
Blocks: FC4Update
  Show dependency treegraph
Reported: 2005-08-12 11:50 EDT by Michel Alexandre Salim
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-12 19:48:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michel Alexandre Salim 2005-08-12 11:50:48 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8b4) Gecko/20050811 Firefox/1.0+

Description of problem:
Using personal S/MIME email certificates from Thawte, tested to work fine with both Apple Mail and Mozilla Thunderbird, I could send signed messages from Evolution just fine, but when receiving signed emails they are said to have 'Invalid signature' . clicking on the message status yields this:

The signature of this message cannot be verified, it
may have been altered in transit.

Signer: John Doe <j.doe@acme.corp>: Signing certificate not trusted

When trying to /send/ an encrypted email, Evolution acts as if the Thawte certificate cannot be used to encrypt, even though its own certificate manager says otherwise:

Could not create message.

Because "Cannot add SMIMEEncKeyPrefs attribute", you may
need to select different mail options.

Version-Release number of selected component (if applicable):
evolution-2.2.3-2.fc4, mozilla-nss-1.7.10-1.5.1

How reproducible:

Steps to Reproduce:
1. Get two Thawte certificates from thawte.com
2. Send signed e-mails from one to the other
3. (Try) sending encrypted e-mails

Actual Results:  Evolution sends signed e-mails fine but the signatures cannot be verified (the same e-mail, accessed by Thunderbird using IMAP, verifies just fine).

Evolution fails to encrypt, described above; again, Thunderbird works just fine.

There is no way to add the received certificate to the list of contacts' public certificates, nor to declare the certificate trusted.

Expected Results:  Evolution should work similarly to Thunderbird - perhaps this is fixed in a future version? I checked the CVS ChangeLog but didn't see any S/MIME update recently. Maybe it's a problem with the version of NSS it's linked against?

Additional info:
Comment 1 Michel Alexandre Salim 2005-08-12 19:48:31 EDT
My mistake. When a new certificate issuer is first encountered by Evolution, it
is not trusted to certify anything. Editing the trust level for the certificate
issuer results in the mails being verified properly.

Note You need to log in before you can comment on or make changes to this bug.