[kmail2] [Bug 351861] bad error message when S/MIME crl's are not reachable

via KDE Bugzilla bugzilla_noreply at kde.org
Tue Jun 7 15:37:10 BST 2016 

https://bugs.kde.org/show_bug.cgi?id=351861

jansen at hbz-nrw.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jansen at hbz-nrw.de

--- Comment #3 from jansen at hbz-nrw.de ---
I seem to have the same problem on current tumbleweed distro. 
Things worked fine, however, untill about 2 weeks ago when suddenly KMail
started refusing my s/mime certificate for my mail identity. 
Kleopatra at the same time still showed the the certificate as privat/secret,
valid and trusted. 

On the other hand, "gpgsm --sign somefile.txt" no longer worked:

~> LC_ALL=C gpgsm --sign somefile.txt
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate is not usable for signing
gpgsm: certificate not found: Ambiguous name
gpgsm: certificate #1A1A2E4...,CN=h...,OU=R...,O=...,C=DE
gpgsm: checking the CRL failed: Not found
gpgsm: error creating signature: Not found <GpgSM>

Using "gpgsm --disable-crl-check --sign somefile.txt" worked.

Perhaps related:

~> LC_ALL=C dirmngr --fetch-crl
'http://pki.telesec.de/cgi-bin/service/af_DownloadARL.crl?-crl_format=X_509&-issuer=DT_ROOT_CA_2'
dirmngr[5983.0]: permanently loaded certificates: 0
dirmngr[5983.0]:     runtime cached certificates: 0
dirmngr[5983.0]: error fetching certificate by S/N: Configuration error
dirmngr[5983.0]: CRL issuer certificate (#26/CN=Deutsche Telekom Root CA
2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE) not found
dirmngr[5983.0]: crl_parse_insert failed: Missing certificate
dirmngr[5983.0]: processing CRL from
'http://pki.telesec.de/cgi-bin/service/af_DownloadARL.crl?-crl_format=X_509&-issuer=DT_ROOT_CA_2'
failed: Missing certificate

while "gpgsm -k" lists this cert:

           ID: 0x8CDE37BF
          S/N: 26
       Issuer: /CN=Deutsche Telekom Root CA 2/OU=T-TeleSec Trust
Center/O=Deutsche Telekom AG/C=DE
      Subject: /CN=Deutsche Telekom Root CA 2/OU=T-TeleSec Trust
Center/O=Deutsche Telekom AG/C=DE
     validity: 1999-07-09 12:11:00 through 2019-07-09 23:59:00
     key type: 2048 bit RSA
    key usage: certSign crlSign
 chain length: 5
  fingerprint: 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF

Disabling the usage of CRLs in KMail and Kleopatra settings "fixed" the
problems (except for the dirmngr command shown above).

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list