Sending signed / ecnrypted mail to X.509 (SMIME) recipient fails with "likely bug" error message window. Log attached.
Description
Description
Details
Details
- Version
- Gpg4win 3.1.0. beta 48; Outlook 2010 32-bit, Exchange Server
Revisions and Commits
Revisions and Commits
| rO GpgOL | |||
| rO3dcea486dcdc Improve error handling on encryption | |||
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | • aheinecke | T3899 Gpg4win 3.1.1 | ||
| Resolved | • aheinecke | T3897 GpgOL: Sending signed / ecnrypted mail to X.509 (SMIME) recipient fails and error is not shown |
Event Timeline
Comment Actions
The Bug is here that the Error is not shown properly. In the log:
11:22:05/2312/ERROR/cryptcontroller.cpp:do_crypto: Encryption error No CRL known.
This is a hard failure by design in GnuPG. If no Certificate Revocation list can be fetched but a CRL distribution point is provided in the Cert chain it will fail.
You can disable-crl-checks in Kleopatra (Under S/MIME Validation tab) "never consult a CRL"
I will have to improve error handling when encryption fails. I didn't think about S/MIME failures. I won't move the release date for this as S/MIME is uncommon and failures are more uncommon but I'll fix it soon.
Btw. If you have an exchange 2016 you might also run into T3885 which will be fixed for todays release.
Comment Actions
This task and Forum reports about CRL errors caused me to investigate a bit and we found a Bug with CRL's on Windows. T3923 which might be the root cause.
Still have to fix / improve the error.
Comment Actions
Both CRL downloads and the error handling / reporting is much improved in Gpg4win-3.1.1
CRL's probably actually work for the first time since 3.0.0 :-&