Bug 449721 - evolution problems signing (not encrypting) with SSL cert
Summary: evolution problems signing (not encrypting) with SSL cert
Alias: None
Product: Fedora
Classification: Fedora
Component: evolution
Version: 9
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Matthew Barnes
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-06-03 05:41 UTC by Andrew Grimberg
Modified: 2008-06-03 13:57 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-06-03 13:57:17 UTC
Type: ---

Attachments (Terms of Use)

Description Andrew Grimberg 2008-06-03 05:41:20 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20080416 Fedora/ Firefox/

Description of problem:
I recently upgraded from Fedora 8 to Fedora 9 and evolution started complaining when trying to send signed mail.  I get a dialog stating this:

'Could not create message.

Because "Cannot add SMIMEEncKeyPrefs attribute", you may need to select different mail options.'

This is a transplanted configuration by using the 'Backup Settings' tool in Evolution on Fedora 8.

The mail will send if I disable S/MIME Sign and do an S/MIME Encrypt.

I went so far as to build a clean Evolution profile and reimported my certificate to the exact same results.

A side note, encrypted messages that setup to be include self as an encryptee can not be read.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Acquire SSL signing certificate (I'm using a free one from Thawte)
2. Import SSL certificate
3. Add certificate to email account for signing and encrypting
4. Verify that 'Digitally sign outging messages (by default)' and 'Also encrypt to self when sending encrypted mail' are selected in the Security setup.
5. Generate a mail and try sending (make sure Security->S/MIME Sign is selected)
6. See annoying dialog box
7. For testing Encryption (only) unselect Security->S/MIME Sign and select Security->S/MIME Encrypt
8. Notice mail is sent
9. Check sent mail and try reading message and see 'Decoder failed, error -8147'

Actual Results:
Phase 1 (up to step 6) I see an error dialog telling me that Evolution "Cannot add SMIMEEncKeyPrefs attribute".

Step 7 - 9 I get a mail generated but am unable to read the message that was supposed to be self encrypted back to me in the Sent folder.

Expected Results:
Mail should have been sent signed and / or encrypted with the ability to decrypt the sent mail.

Additional info:

Comment 1 Andrew Grimberg 2008-06-03 13:06:41 UTC
Just an update.  As I was doing my encryption testing to my account at work
which is currently checked from a Fedora 7 (evolution-2.10.3-9) system.  The
encryption worked just fine (as in I can decrypt the message) however, as
stated, the mail couldn't be signed so the receiving end states that it can't
guarantee authenticity since it isn't signed.

Comment 2 Milan Crha 2008-06-03 13:24:17 UTC
Do you see any error messages on the console when trying this in F9? I'm not
sure whether these are shown on the evolution's or evolution-data-server's
console, though. (To run evolution-data-server on its own console, you should
close evolution and run command "evolution --force-shutdown" first, because
there cannot run more than one eds instance at the moment).

Comment 3 Matthew Barnes 2008-06-03 13:33:05 UTC
You might also try this:

Comment 4 Andrew Grimberg 2008-06-03 13:52:27 UTC
Yes, that was the problem all along.  I find it frustrating that the error isn't
clear enough to tell you what the real problem is.

Thank you for the help.  Google hadn't turned that one up during all my
searching yesterday, guess I hadn't found the right search string.

Comment 5 Matthew Barnes 2008-06-03 13:57:17 UTC
I imagine Evolution is just echoing back whatever error message the underlying
encryption tool gave.  But yes, point taken about it not being very helpful.

I'll close this as NOTABUG, then.  The usability aspects will have to be dealt
with upstream.

Note You need to log in before you can comment on or make changes to this bug.