On Monday 21 May 2007 14:25, Jure Varlec wrote: > On Sunday 20 of May 2007 20:16:43 Mick wrote: > > OK, I also tried Validate with CRL and I am now getting a CRL related > > error: =============================================================
> Now that I checked with some random signed mails on this list, it turns out > my setup shows exactly the same symptoms as yours, i.e. it can't download > certain CRLs and cacert's OCP doesn't work. To be frank, what I really > needed S/MIME to work for are the bills my telco issues through e-mail. > After installing dimngr and the relevant certificate, kmail recognizes > signature in their bills correctly. > > Funny thing is, kleopatra can and does download certain CRLs correctly > using URLs embedded in a certificate, but can't do so for some others. And > even if it can download a CRL, it then can't download the issuer > certificate which makes it a bit useless. I haven't a clue how to proceed, > as documentation seems a bit scarce. Are you sure it is meant to download the issuer certificate? I assume it may do that if you have ticked "Fetch missing issuer certificates" under the Kmail preferences, but I am not sure how Kmail would know where to fetch a certificate from (unless there's an x509 extension that you can enter when creating the certificate?). > As there are people on this list who use S/MIME signatures I guess it can > be made to work. Perhaps someone could chime in? Yes please! Has anyone managed to get Kmail to work? BTW, I can report that Kleopatra/gpgsm refuses to import pkcs12 bundles which have had a public key encrypted with triple des, instead of the default RC2 40. -- Regards, Mick
pgpHJL3zDjCUi.pgp
Description: PGP signature
