25 Feb
2013
25 Feb
'13
11:49 p.m.
On 26/02/13 09:21, Leslie Turriff wrote:
On Monday 25 February 2013 16:05:27 dep wrote:
I think you missed the point Dep is making.
The *actual* problem is that when KMail comes across a broken certificate, and
you tell it "Remember this one is okay forever", it *does not* remember that it
is okay forever.
Telling KMail "never check the certificates" does not solve the
problem, since that stops KMail from complaining *at all*. It completely breaks
when you have a situation like this:
- Site X certificate is broken, and I trust it forever;
- Site Y certificate is broken, but I only trust it this one time;
- I don't trust site Z at all unless the certificate is valid.
--
Steven
said dep:
| said Leslie Turriff:
| | This drove me mad for ages, until I finally broke down and started
| | tinkering with the Settings. (I don't know if this is the best way to
| | fix this, but I figure that when an ISP sends certificates with broken
| | authority info, which apparently is ignored by all those Windoze mail
| | clients, it must be more or less okay...)
| | In the Scurity & Privacy Settings, S/MIME Validation tab, I unchecked
| | "Do not check certificate policies" and "Never consult a CRL",
and now
| | kMail doesn't gripe about this any more.
|
| not the safest thing to do, but preferable to insanity -- thanks!
well, except for one thing: it didn't solve the problem.
Hmmm... I don't think I changed anything else to fix it. Maybe your ISP's
certificate problem is different than mine?