Re: [Evolution] Automatically fetching public key for encrypted mail does not work

On Tue, 2016-03-01 at 10:03 +0100, Milan Crha wrote:

there was a Google Summer of Code project providing fetch of X.509
certificates (for S/MIME, which MS Exchange supports) from address
books. It took the certificates from Global Address List (GAL), as
advertised by the MS Exchange server. It's filled here:
for LDAP:
for address books in general:

The work is currently blocked on NSS. Feel free to join the later bug,
the reporter has better overview of the subject.

Actually the interesting bug is #736808. Specifically:

The "making the certs available" part is solved by evolution-pkcs11.
Although that does want a little updating to make it build against the
latest Evolution.

As Milan says, the reason it's not merged into Evolution (or EDS) and
enabled by *default* is because of NSS.

The NSS PK11_ListCerts() function takes O(n²) time, because it iterates
over the certs, for each one calling back into a naïve 'collector'
function that checks it's unique and adds it to the list.

In my case it takes about ten minutes to process all the certs that
evolution-pkcs11 makes available.

When you bring up the prefs dialog (not even looking at certs),
Evolution calls that PK11_ListCerts() function.

Three times, in quick succession.

From the main thread, before it does any redrawing or anything else.

30 minutes later, you can finally see the prefs dialog :)

So... in comment #2 of the bug, as referenced above, it says what I
think needs doing — populate the dialog asynchronously instead of
making us wait, and instead of using PK11_ListCerts we use our *own*
code to iterate over the certs in the token, calling back to our own
*non-stupid* callback function which quickly inserts each one into a
GHashTable or something like that, instead of a linear list.

In the longer term, I'd love to just ditch NSS completely and use
something saner. But this should suffice for now to enable the GAL
certificate lookup.

David Woodhouse                            Open Source Technology Centre
David Woodhouse intel com                              Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]