[kmail2] [Bug 351861] New: bad error message when S/MIME crl's are not reachable

kolAflash kolAflash at kolahilft.de
Thu Aug 27 15:57:38 BST 2015


https://bugs.kde.org/show_bug.cgi?id=351861

            Bug ID: 351861
           Summary: bad error message when S/MIME crl's are not reachable
           Product: kmail2
           Version: 4.14.7
          Platform: openSUSE RPMs
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: crypto
          Assignee: kdepim-bugs at kde.org
          Reporter: kolAflash at kolahilft.de

If a message could not be encrypted and send, because the receivers S/MIME
certificate crls (certificate revocation lists) are not reachable, the only
error message is:
"Could not compose message: Not found".
That's as unhelpful as possible!

Only way to workaround:
Kleopatra => Settings => Configure Kleopatra => S/MIME => check "Never consult
a CRL"

Two possible solutions:

1. Replace error message with something more precise for this situation. E.g.
"Couldn't verify receivers S/MIME certificate, because it's revocation urls are
not reachable."

2. Additionally give the user the possibility, to ignore that the crls could
not be reached.

Those are the actual revocation urls used in the receivers S/MIME certificate.
If the original, full S/MIME certificate is helpful for you, tell me and I'll
ask the owner if I can publish it here.
http://cdp1.pca.dfn.de/haw-hamburg-ca/pub/crl/g_cacrl.crl
http://cdp2.pca.dfn.de/haw-hamburg-ca/pub/crl/g_cacrl.crl
http://cdp1.pca.dfn.de/haw-hamburg-ca/pub/cacert/g_cacert.crt
http://cdp2.pca.dfn.de/haw-hamburg-ca/pub/cacert/g_cacert.crt

Reproducible: Always

Steps to Reproduce:
1. Write an S/MIME encrypted+signed email to a receiver you have a S/MIME
certificate for, which crls are not reachable.

2. Click "Send".

3. KMail may tell you:
"One or more of the OpenPGP encryption keys or S/MIME certificates for
recipient "..." is not fully trusted for encryption.
The following keys or certificates have unknown trust level: ..."
Click "Continue".

4. KMail will show you the "Encryption Key Approval" window. Click "OK".

Actual Results:  
KMail will show you twice a message "Could not compose message: Not found".

Expected Results:  
Send and encrypt message.

Bug also appears in another place.

1. Send an S/MIME encrypted email to an receiver you don't have an S/MIME
certificate for.

2. When sending, KMail will ask you:
"There are conflicting encryption preferences for these recipients.
Encrypt this message?"
Click "Encrypt".

3. KMail will ask you for a certificate for the receiver. Now search for a
certificate which is valid but has non working crls.

4. Before you click the line containing the certificate, at the left there will
be an icon containing an question-mark.

5. Click at the certificate. The question-mark will change to a red X and
you'll not be able to click "OK".

Also in this case, there should be an explanation what's wrong about the
certificate and maybe also an possibility to send+encrypt the email anyway with
that key.

-- 
You are receiving this mail because:
You are the assignee for the bug.



More information about the Kdepim-bugs mailing list