Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] OpenSSL certificates and Kmail
Date: Wed, 23 May 2007 22:10:06
In Reply to: Re: [gentoo-user] OpenSSL certificates and Kmail by Jure Varlec
1 On Monday 21 May 2007 14:25, Jure Varlec wrote:
2 > On Sunday 20 of May 2007 20:16:43 Mick wrote:
3 > > OK, I also tried Validate with CRL and I am now getting a CRL related
4 > > error: =============================================================
6 > Now that I checked with some random signed mails on this list, it turns out
7 > my setup shows exactly the same symptoms as yours, i.e. it can't download
8 > certain CRLs and cacert's OCP doesn't work. To be frank, what I really
9 > needed S/MIME to work for are the bills my telco issues through e-mail.
10 > After installing dimngr and the relevant certificate, kmail recognizes
11 > signature in their bills correctly.
12 >
13 > Funny thing is, kleopatra can and does download certain CRLs correctly
14 > using URLs embedded in a certificate, but can't do so for some others. And
15 > even if it can download a CRL, it then can't download the issuer
16 > certificate which makes it a bit useless. I haven't a clue how to proceed,
17 > as documentation seems a bit scarce.
19 Are you sure it is meant to download the issuer certificate? I assume it may
20 do that if you have ticked "Fetch missing issuer certificates" under the
21 Kmail preferences, but I am not sure how Kmail would know where to fetch a
22 certificate from (unless there's an x509 extension that you can enter when
23 creating the certificate?).
25 > As there are people on this list who use S/MIME signatures I guess it can
26 > be made to work. Perhaps someone could chime in?
28 Yes please! Has anyone managed to get Kmail to work?
30 BTW, I can report that Kleopatra/gpgsm refuses to import pkcs12 bundles which
31 have had a public key encrypted with triple des, instead of the default RC2
32 40.
33 --
34 Regards,
35 Mick