[kmail2] [Bug 351861] bad error message when S/MIME crl's are not reachable
via KDE Bugzilla
bugzilla_noreply at kde.org
Tue Jun 7 15:37:10 BST 2016
https://bugs.kde.org/show_bug.cgi?id=351861
jansen at hbz-nrw.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jansen at hbz-nrw.de
--- Comment #3 from jansen at hbz-nrw.de ---
I seem to have the same problem on current tumbleweed distro.
Things worked fine, however, untill about 2 weeks ago when suddenly KMail
started refusing my s/mime certificate for my mail identity.
Kleopatra at the same time still showed the the certificate as privat/secret,
valid and trusted.
On the other hand, "gpgsm --sign somefile.txt" no longer worked:
~> LC_ALL=C gpgsm --sign somefile.txt
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate not found: Ambiguous name
gpgsm: certificate #1A1A2E4...,CN=h...,OU=R...,O=...,C=DE
gpgsm: checking the CRL failed: Not found
gpgsm: error creating signature: Not found <GpgSM>
Using "gpgsm --disable-crl-check --sign somefile.txt" worked.
Perhaps related:
~> LC_ALL=C dirmngr --fetch-crl
'http://pki.telesec.de/cgi-bin/service/af_DownloadARL.crl?-crl_format=X_509&-issuer=DT_ROOT_CA_2'
dirmngr[5983.0]: permanently loaded certificates: 0
dirmngr[5983.0]: runtime cached certificates: 0
dirmngr[5983.0]: error fetching certificate by S/N: Configuration error
dirmngr[5983.0]: CRL issuer certificate (#26/CN=Deutsche Telekom Root CA
2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE) not found
dirmngr[5983.0]: crl_parse_insert failed: Missing certificate
dirmngr[5983.0]: processing CRL from
'http://pki.telesec.de/cgi-bin/service/af_DownloadARL.crl?-crl_format=X_509&-issuer=DT_ROOT_CA_2'
failed: Missing certificate
while "gpgsm -k" lists this cert:
ID: 0x8CDE37BF
S/N: 26
Issuer: /CN=Deutsche Telekom Root CA 2/OU=T-TeleSec Trust
Center/O=Deutsche Telekom AG/C=DE
Subject: /CN=Deutsche Telekom Root CA 2/OU=T-TeleSec Trust
Center/O=Deutsche Telekom AG/C=DE
validity: 1999-07-09 12:11:00 through 2019-07-09 23:59:00
key type: 2048 bit RSA
key usage: certSign crlSign
chain length: 5
fingerprint: 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
Disabling the usage of CRLs in KMail and Kleopatra settings "fixed" the
problems (except for the dirmngr command shown above).
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list