Re: [Evolution] PKCS11 in evolution

From: Kåre Fiedler Christiansen <fedora kaarefc dk>
To: evolution-list gnome org
Subject: Re: [Evolution] PKCS11 in evolution
Date: Wed, 03 Nov 2010 21:11:48 +0100

On Mon, 2010-11-01 at 19:19 +0100, KÃre Fiedler Christiansen wrote:

On Sun, 2010-10-31 at 15:29 -0400, David Woodhouse wrote:

On Sat, 2010-10-30 at 16:11 +0200, KÃre Fiedler Christiansen wrote:


<snip about using PKCS11 certificate store in Evolution>

The latter (~/.pki/nssdb) was the right one.

I'd try debugging the certificate availability with nss-gui and the NSS
command line tools first. If it's working in NSS then we'll look at
Evolution.


Thanks for your reply.

I didn't know about nss-gui, but I found it. It seems only to have
source-releases yet, and no instructions on getting it to work (or a
license, even), but it was easy enough to get to work with a little
fiddling.

Should anyone need the instructions, I found nss-gui at
https://fedorahosted.org/nss-gui/
and compiled it with
  $ cd wrapnssgui
  $ make
(I had to install the package "boost-devel" first)

When running 
  $ ./wrapnssgui --ini ../xrnssgui/xrnssgui.ini --dbdir ~/.pki/nssdb/
I have no trouble seeing the PKCS#11 security device or my certificate
in the GUI - is there something you wanted me to test specifically?

Otherwise, do you have any further suggestions for debugging?


I've been playing around with this a bit. Importing PKCS12-certificates
with nss-gui in the certificate store makes them show up in evolution,
and the other way round, so I've definitely got the right store.

However, the PKCS11-based certificates (neither personal nor CA) don't
show up in evolution, although they seem fine in nss-gui. I even tried
using the same store with Thunderbird, and that works without a glitch.

So it would seem that evolution only uses the certificates from the
built-in security module. Is there some specific debugging I can turn on
for the initialisation of the certificate store? I haven't been able to
find anything with the debugging in evolution I know of, but since it
generates a lot of output I may have overlooked something.

I've seen success reported on using this in evolution 2.26 (yes, that's
oooold), but that was before some of the more recent updates in
certificate handling in Evolution, so perhaps some sort of regression
was introduced?

Any input would be much appreciated.

Best,
  KÃre

References:
- Re: [Evolution] PKCS11 in evolution
  - From: =?ISO-8859-1?Q?K=E5re?= Fiedler Christiansen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]