GpgOL: Sending signed / ecnrypted mail to X.509 (SMIME) recipient fails and error is not shown
Closed, ResolvedPublic

Description

Sending signed / ecnrypted mail to X.509 (SMIME) recipient fails with "likely bug" error message window. Log attached.

Details

Commits
rO3dcea486dcdc: Improve error handling on encryption
Version
Gpg4win 3.1.0. beta 48; Outlook 2010 32-bit, Exchange Server
JJworx created this task.Apr 12 2018, 1:25 PM
aheinecke renamed this task from Sending signed / ecnrypted mail to X.509 (SMIME) recipient fails to GpgOL: Sending signed / ecnrypted mail to X.509 (SMIME) recipient fails and error is not shown.Apr 13 2018, 7:57 AM
aheinecke triaged this task as Normal priority.Apr 13 2018, 8:01 AM
aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

The Bug is here that the Error is not shown properly. In the log:

11:22:05/2312/ERROR/cryptcontroller.cpp:do_crypto: Encryption error No CRL known.

This is a hard failure by design in GnuPG. If no Certificate Revocation list can be fetched but a CRL distribution point is provided in the Cert chain it will fail.
You can disable-crl-checks in Kleopatra (Under S/MIME Validation tab) "never consult a CRL"

I will have to improve error handling when encryption fails. I didn't think about S/MIME failures. I won't move the release date for this as S/MIME is uncommon and failures are more uncommon but I'll fix it soon.

Btw. If you have an exchange 2016 you might also run into T3885 which will be fixed for todays release.

This task and Forum reports about CRL errors caused me to investigate a bit and we found a Bug with CRL's on Windows. T3923 which might be the root cause.

Still have to fix / improve the error.

aheinecke changed the task status from Open to Testing.May 3 2018, 3:37 PM

Both CRL downloads and the error handling / reporting is much improved in Gpg4win-3.1.1

CRL's probably actually work for the first time since 3.0.0 :-&

aheinecke closed this task as Resolved.Jun 18 2018, 4:29 PM

Has long been in testing. I think it is improved now and CRL's also work.