https://bugs.kde.org/show_bug.cgi?id=351861
Bug ID: 351861 Summary: bad error message when S/MIME crl's are not reachable Product: kmail2 Version: 4.14.7 Platform: openSUSE RPMs OS: Linux Status: UNCONFIRMED Severity: normal Priority: NOR Component: crypto Assignee: kdepim-bugs@kde.org Reporter: kolafl...@kolahilft.de If a message could not be encrypted and send, because the receivers S/MIME certificate crls (certificate revocation lists) are not reachable, the only error message is: "Could not compose message: Not found". That's as unhelpful as possible! Only way to workaround: Kleopatra => Settings => Configure Kleopatra => S/MIME => check "Never consult a CRL" Two possible solutions: 1. Replace error message with something more precise for this situation. E.g. "Couldn't verify receivers S/MIME certificate, because it's revocation urls are not reachable." 2. Additionally give the user the possibility, to ignore that the crls could not be reached. Those are the actual revocation urls used in the receivers S/MIME certificate. If the original, full S/MIME certificate is helpful for you, tell me and I'll ask the owner if I can publish it here. http://cdp1.pca.dfn.de/haw-hamburg-ca/pub/crl/g_cacrl.crl http://cdp2.pca.dfn.de/haw-hamburg-ca/pub/crl/g_cacrl.crl http://cdp1.pca.dfn.de/haw-hamburg-ca/pub/cacert/g_cacert.crt http://cdp2.pca.dfn.de/haw-hamburg-ca/pub/cacert/g_cacert.crt Reproducible: Always Steps to Reproduce: 1. Write an S/MIME encrypted+signed email to a receiver you have a S/MIME certificate for, which crls are not reachable. 2. Click "Send". 3. KMail may tell you: "One or more of the OpenPGP encryption keys or S/MIME certificates for recipient "..." is not fully trusted for encryption. The following keys or certificates have unknown trust level: ..." Click "Continue". 4. KMail will show you the "Encryption Key Approval" window. Click "OK". Actual Results: KMail will show you twice a message "Could not compose message: Not found". Expected Results: Send and encrypt message. Bug also appears in another place. 1. Send an S/MIME encrypted email to an receiver you don't have an S/MIME certificate for. 2. When sending, KMail will ask you: "There are conflicting encryption preferences for these recipients. Encrypt this message?" Click "Encrypt". 3. KMail will ask you for a certificate for the receiver. Now search for a certificate which is valid but has non working crls. 4. Before you click the line containing the certificate, at the left there will be an icon containing an question-mark. 5. Click at the certificate. The question-mark will change to a red X and you'll not be able to click "OK". Also in this case, there should be an explanation what's wrong about the certificate and maybe also an possibility to send+encrypt the email anyway with that key. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list Kdepim-bugs@kde.org https://mail.kde.org/mailman/listinfo/kdepim-bugs