On 26/02/13 09:21, Leslie Turriff wrote:
On Monday 25 February 2013 16:05:27 dep wrote:
said dep: | said Leslie Turriff: | | This drove me mad for ages, until I finally broke down and started | | tinkering with the Settings. (I don't know if this is the best way to | | fix this, but I figure that when an ISP sends certificates with broken | | authority info, which apparently is ignored by all those Windoze mail | | clients, it must be more or less okay...) | | In the Scurity & Privacy Settings, S/MIME Validation tab, I unchecked | | "Do not check certificate policies" and "Never consult a CRL", and now | | kMail doesn't gripe about this any more. | | not the safest thing to do, but preferable to insanity -- thanks!
well, except for one thing: it didn't solve the problem.
Hmmm... I don't think I changed anything else to fix it. Maybe your ISP's certificate problem is different than mine?
I think you missed the point Dep is making.
The *actual* problem is that when KMail comes across a broken certificate, and you tell it "Remember this one is okay forever", it *does not* remember that it is okay forever.
Telling KMail "never check the certificates" does not solve the problem, since that stops KMail from complaining *at all*. It completely breaks when you have a situation like this:
- Site X certificate is broken, and I trust it forever; - Site Y certificate is broken, but I only trust it this one time; - I don't trust site Z at all unless the certificate is valid.