Bug 2059 - gpgme >=1.1.8 not compatible with S/MIME encryption
Summary: gpgme >=1.1.8 not compatible with S/MIME encryption
Alias: None
Product: Claws Mail
Classification: Unclassified
Component: Plugins/Privacy/PGP (show other bugs)
Version: 3.7.4
Hardware: PC Linux
: P3 normal
Assignee: users
Depends on:
Reported: 2009-11-19 15:27 CET by JG
Modified: 2010-02-03 21:17 CET (History)
0 users

See Also:


Description JG 2009-11-19 15:27:16 CET

i encountered the bug in may 2009 where v1.1.8 got stable in gentoo but didn't bother then because gpgme v1.1.6 worked fine. but now v1.1.6 is not (easily) available anymore. i've tested the latest CVS version 3.7.3cvs17 and it is still affected.

problem with >=1.1.8 (i tested 1.1.8 and 1.2.0):
error message: ksba_cms_parse failed couldn't decrypt, no cms object

steps to reproduce:
1) send encrypted message (S/MIME) to oneself from within claws mail (i also tried to toggle "encrypt to self" option), sign+encrypt doesn't work either. signing only works.
2) reading encrypted message in CM fails with the error message "no cms object"

--debug output on the receiving side (clicking on the encrypted message):
sgpgme.c:379:data 0xbfd8c448 (1207 7599)
prefs_gpg.c:526:set GPG_AGENT_INFO=/tmp/gpg-ZsC4KX/S.gpg-agent:16337:1
sgpgme.c:436:can't decrypt (No CMS object)
smime.c:428:plain is null!

--debug while sending message (only smime related stuff):
prefs_gpg.c:596: cmp smime smime                                                                         
select-keys.c:281:select_keys:fill_clist:  pattern 'email@address' proto 1                                  
select-keys.c:307:% select-keys.c:307:  insert                                                           
select-keys.c:337:% select-keys.c:337:  ready                                                            
sgpgme.c:472:adding FINGERPRINT

sgpgme.c:495:using default gnupg key                                                                     
prefs_gpg.c:526:set GPG_AGENT_INFO=/tmp/gpg-ZsC4KX/S.gpg-agent:16337:1      

smime.c:776:found FINGERPRINT at 0                                          
smime.c:781:Encrypting message content         

just downgrade to v1.1.6 and everything works fine withouth any other changes.
Comment 1 Charles A Edwards 2009-11-19 16:27:28 CET
It works without issue for me using gpgme-1.2.0.
Comment 2 JG 2009-11-19 16:46:52 CET
that's very strange. i can confirm my bug on two systems, but both are gentoo and have similar configs in that regard.

maybe some other package is to blame:

i personally suspect gnutls which has made problems before, what version do you have?
Comment 3 users 2010-01-15 14:43:35 CET
Changes related to this bug have been committed.
Please check latest CVS and update the bug accordingly.
You can also get the patch from:

2010-01-15 [colin]	3.7.4cvs2

	* src/privacy.c
		Decode mimeinfo before decrypting it. Probably
		fixes bug 2059 'gpgme >=1.1.8 not compatible 
		with S/MIME encryption' and bug 2076 'having 
		worked 2 times properly CLAWS ceased to 
		decrypt incoming PGP mails -displays base64 
		instead - sucks completely'
		Let's hope complete suckage ends here!
Comment 4 JG 2010-01-15 23:53:43 CET
i've installed gpgme v1.1.8 and applied the patch to claws v3.7.4 and i can't reproduce the error anymore. so i guess i can set this to fixed! thanks very much!
Comment 5 JG 2010-01-18 20:12:50 CET
after more testing (e.g. receiving emails from other people) i have to reopen this again :(

it seems i can only decrypt my own emails (which didn't work before the patch), but now emails from all other people result in the error message "no cms object".

so this patch seems to have reversed my problem.
Comment 6 JG 2010-02-03 21:17:45 CET
the patch in 3.7.5cvs4 of matthias drochner fixes the problem! (i didn't try 3.7.5cvs4 but applied his patch to 3.7.5 which he sent to my email address).

i've tried decrypting older emails in my inbox from other people and
some emails from myself which worked. i've only encountered some emails
which didn't work but if i remember correctly those emails have been
sent by a broken c-m version (in regards to the base64 issue).

i've also sent new emails (including text attachments) to myself and to
one thunderbird and one outlook user. both were able to decrypt and
anwser me without any problems on either side.


Note You need to log in before you can comment on or make changes to this bug.