GNOME Bugzilla – Bug 685230
Extensions of s/Mime-signed emails encoded
Last modified: 2015-08-13 10:26:20 UTC
When i receive a signed mail, click on the certificate-icon, click "view certificate", hit the "details" tab, choose the certificate in the top panel (Certificate Hierarchy) and scroll down to "extensions" in the center panel (Certificate Fields), these keys and values are encrypted. example : Object Identifier (2 5 29 14) thunderbird for example shows the extension in human readable form like Subject's Alternative Name http://www.turnguard.com/turnguard
Attaching a testcase is highly welcome.
unfortunately there's no easy way to create an own s/mime certificate. there are some guides around that may help [1][2][3]. if you choose one of these options don't forget to enter something in the Subject's Alternative Name slot (SAN). easiest way to reproduce would be to look for this email [4] in evolution and open it's s/mime signature there (it has been sent to mailing list : oct, 2nd, 2012). i haven't setup a gnome developement environment yet, so i cannot provide a patch that i'm sure of it's working. but apparently there's only a case for SEC_OID_X509_SUBJECT_ALT_NAME [5] missing in static gboolean get_oid_text in file smime/lib/e-cert.c will provide more info as soon as i got my dev environment set up. wkr turnguard [1] http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption [2] http://www.tc.umn.edu/~brams006/selfsign.html [3] http://kb.mozillazine.org/Creating_SMIME_certificates [4] https://mail.gnome.org/archives/evolution-list/2012-October/msg00004.html [5] http://zenit.senecac.on.ca/wiki/dxr/source.cgi/mozilla/security/nss/lib/util/secoidt.h
Evolution currently uses gcr to show certificate details, better said to present information about certificates to a user, and it uses "Subject Alternative Names" for that extension. I consider this fixed.