[Evolution] Bug#652079: Evolution initializes ~/.pki/nssdb/pkcs11.txt with incomplete content which breaks SSL

Alexander Kurtz kurtz.alex at googlemail.com
Wed Dec 14 16:41:26 UTC 2011 

Package: evolution
Version: 3.0.3-3
Severity: important

Hi,

Steps to reproduce:
      * Move or delete ~/.pki
      * start Evolution and let it recreate ~/.pki

Expected outcome:
      * Only custom certificates are gone.

Actual outcome:
      * Evolution doesn't show anything under "Edit -> Preferences ->
        Certificates -> Authorities"
      * Evolution fails to verify GMail's SSL certificate

Workaround/Fix:
    $ diff ~/.pki/nssdb/pkcs11.txt.orig ~/.pki/nssdb/pkcs11.txt
    0a1,2
    > library=libnssckbi.so
    > 
    $

I've attached both the original "pkcs11.txt" created by Evolution and my
modified version. Please tell me if you need anything else to reproduce
or fix this problem.

Please also note that this (probably) means that Evolution will fail to
verify certificates when started in a freshly created user account.

Best regards

Alexander Kurtz
-------------- next part --------------
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/alexander/.pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='/home/alexander/.local/share/evolution' updateCertPrefix='' updateKeyPrefix='' updateid='/home/alexander/.local/share/evolution' updateTokenDescription='Evolution S/MIME' 
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})

-------------- next part --------------
library=libnssckbi.so

library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/home/alexander/.pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='/home/alexander/.local/share/evolution' updateCertPrefix='' updateKeyPrefix='' updateid='/home/alexander/.local/share/evolution' updateTokenDescription='Evolution S/MIME' 
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-evolution-maintainers/attachments/20111214/24f6b6e9/attachment.pgp>

More information about the Pkg-evolution-maintainers mailing list