Bug 433638 - Certificate issues with smart cards
Status: RESOLVED DUPLICATE of bug 253574
Product: evolution
Classification: Applications
Component: Mailer
Version: 2.28.x (obsolete)
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: evolution-mail-maintainers
QA Contact: Evolution QA team
Reported: 2007-04-26 16:06 UTC by David Mueller
Modified: 2013-05-31 13:52 UTC
GNOME target: ---
GNOME version: 2.27/2.28


Attachments
Fix to select encryption key for s/mime messages (634 bytes, patch)
2009-12-05 04:34 UTC, Gerald Stueve
needs-work

Description David Mueller 2007-04-26 16:06:18 UTC
Please describe the problem:
I am running Evolution 2.8.0 on CentOS 5, and attempting to set up Evolution to sign/encrypt email using certificates on a smart card.  Using modutil, I inserted libcoolkeypk11.so into secmod.db

$ modutil -add "Coolkey" -libfile "libcoolkeypk11.so" -dbdir ~/.evolution/

Once I did this I was able to configure a certificate on the card to be used for signing email.  The card contains three certificates, two that showed up when selecting which card to use for signing were the ID Certificate and the Email Signature Certificate, which is the same behavior as Mozilla Thunderbird.  I selected the Email Signature Certificate.  When I sent a test email to another account that is checked with Thunderbird and I inspected the certificate, I saw that the serial number for the certificate matches that of the ID Certificate, not the Email Signature Certificate.  So Evolution is using the wrong certificate to sign; it isn't using the certificate it is configured to sign with.

Second, when I went to configure the Encryption certificate, I had the same two choices (ID Certificate and Email Signature Certificate); the Email Encryption Certificate did not appear.  When configuring the Encryption certificate in Thunderbird, only the Email Encryption Certificate is shown as an option.

Steps to reproduce:
1. Add Coolkey to secmod.db
2. Configure signing and encryption certificates
3. Send a signed email


Actual results:
Email is signed with incorrect certificate.

Encryption certificate cannot be selected.

Expected results:
Email signed with the certificate Evolution is configured to sign with.

Be able to select Encryption certificate for email.

Does this happen every time?
I only tried it once, but another user on the coolkey-devel list reported the same problem of Evolution selecting the wrong certificate with Evolution 2.6.3 on Debian in January.

Other information:
Comment 1 Gerald Stueve 2009-12-05 04:34:48 UTC
Created attachment 149134
Fix to select encryption key for s/mime messages

This fixes the problem identified in bug 433638 about being unable to select an encryption key. This will show only when the encryption key does not have signing bit set.
Comment 2 ext-johan.groth 2010-03-31 17:05:16 UTC
This bug is still present in Evolution 2.28.1 (Ubuntu 9.1). It is impossible to choose an encryption certificate. I can only choose a signing certificate.
Comment 3 André Klapper 2013-03-26 19:29:46 UTC
em-account-editor.c does not exist anymore.

No idea if this problem is still valid either.

Code covered in the patch is nowadays in mail/e-mail-config-security-page.c (marking patch as needs-rework):


mail_config_security_page_select_encrypt_cert (GtkButton *button,
                                               GtkEntry *entry) {
	selector = e_cert_selector_new (
		E_CERT_SELECTOR_RECIPIENT,
		gtk_entry_get_text (entry));

mail_config_security_page_select_sign_cert (GtkButton *button,
                                            GtkEntry *entry) {
	selector = e_cert_selector_new (
		E_CERT_SELECTOR_SIGNER,
		gtk_entry_get_text (entry));
Comment 4 Milan Crha 2013-05-30 16:20:36 UTC
The patch is obsolete, the rest of the bug might be better addressed within bug #253574, thus I'm marking this as a duplicate of it.

*** This bug has been marked as a duplicate of bug 253574 ***
Comment 5 Milan Crha 2013-05-31 13:52:02 UTC
(This was fixed within bug #604534)
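
Added example, not part of the report, the attached patch or Evolution's code: a minimal model of deciding which certificates a signer or recipient selector should offer, based on the X.509 keyUsage extension that distinguishes the three certificates in the description. The enum, the function names and the keyUsage bytes are assumptions constructed for illustration; the report does not give the actual bits on the card.

```c
#include <stddef.h>
#include <stdio.h>

/* KeyUsage bits in the first content byte of the BIT STRING (RFC 5280). */
#define KU_DIGITAL_SIGNATURE 0x80
#define KU_NON_REPUDIATION   0x40
#define KU_KEY_ENCIPHERMENT  0x20
#define KU_KEY_AGREEMENT     0x08

/* Hypothetical enum; stands in for E_CERT_SELECTOR_SIGNER / _RECIPIENT. */
enum selector { SEL_SIGNER, SEL_RECIPIENT };

/* Constructed keyUsage values (DER BIT STRING: tag, length, unused bits, data). */
static const unsigned char ID_CERT[]   = { 0x03, 0x02, 0x07, 0x80 }; /* digitalSignature */
static const unsigned char SIGN_CERT[] = { 0x03, 0x02, 0x06, 0xC0 }; /* + nonRepudiation */
static const unsigned char ENC_CERT[]  = { 0x03, 0x02, 0x05, 0x20 }; /* keyEncipherment */
static const unsigned char BAD_VALUE[] = { 0x03, 0x05, 0x05, 0x20 }; /* length field lies */

/* Return the first keyUsage byte, or -1 if the DER encoding is malformed. */
static int key_usage_byte(const unsigned char *der, size_t len)
{
    if (len < 4 || der[0] != 0x03)      /* tag, length, unused count, data */
        return -1;
    if (der[1] > 3 || (size_t)der[1] + 2 != len || der[2] > 7)
        return -1;
    return der[3];
}

/* 1 if the certificate belongs in the selector. der == NULL models a
 * certificate with no keyUsage extension, which is acceptable for any use. */
static int cert_offered(enum selector sel, const unsigned char *der, size_t len)
{
    int ku;
    if (der == NULL)
        return 1;
    ku = key_usage_byte(der, len);
    if (ku < 0)
        return 0;                       /* fail closed on a bad extension */
    if (sel == SEL_SIGNER)
        return (ku & (KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) != 0;
    return (ku & (KU_KEY_ENCIPHERMENT | KU_KEY_AGREEMENT)) != 0;
}

int main(void)
{
    printf("signer:    id=%d sign=%d enc=%d\n", cert_offered(SEL_SIGNER, ID_CERT, 4),
           cert_offered(SEL_SIGNER, SIGN_CERT, 4), cert_offered(SEL_SIGNER, ENC_CERT, 4));
    printf("recipient: id=%d sign=%d enc=%d bad=%d\n", cert_offered(SEL_RECIPIENT, ID_CERT, 4),
           cert_offered(SEL_RECIPIENT, SIGN_CERT, 4), cert_offered(SEL_RECIPIENT, ENC_CERT, 4),
           cert_offered(SEL_RECIPIENT, BAD_VALUE, 4));
    return 0;
}
```

With these constructed values the signer list contains the ID and Email Signature certificates and the recipient list contains only the Email Encryption certificate, matching the Thunderbird behaviour the reporter describes.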