#1656 new
hadmob

Expired Recipient Certificates

Reported by hadmob | January 24th, 2017 @ 10:54 AM

Hi,

it seems MailMate selects wrong (expired) certificate for the recipient from the Keychain. It's hard for me to verify, because none of my mail clients actually shows which certificate it uses, but I had to delete all old recipient certificates from Keychain manually for it to choose the correct one which would be decryptable on the recipient's end in desktop Apple Mail.

Could you please make sure that MailMate ignores expired recipient certificates?

Thanks in advance.

Comments and changes to this ticket

  • benny

    benny January 29th, 2017 @ 10:32 AM

    I've been working on S/MIME recently trying to fix various long standing issues. I've also added that MailMate should no longer allow using an expired certificate, but I haven't actually tested it yet. You are welcome to try it out in the latest test release (hold down ⌥ when clicking “Check Now” in the Software Update preferences pane). You should get r5335.

    Warning: I've done a lot of changes and therefore it's not unlikely I've also introduced new bugs.

  • hadmob

    hadmob January 29th, 2017 @ 12:04 PM

    Thank you. Unfortunately, I removed all the expired certs completely, so I can't test it at the moment. I'll check when some more expire.

  • benny

    benny January 30th, 2017 @ 02:09 PM

    • State changed from “new” to “fixcommitted”

    Ok, I'm going to mark this as a committed fix, but you'll just add a comment if it doesn't work as expected.

    MailMate should now favor non-expired certificates: Never used them for identities, only use them for recipients if they are explicitly trusted in the keychain, and in the latter case still prefer any non-expired alternative.

  • benny

    benny February 9th, 2017 @ 01:20 PM

    • State changed from “fixcommitted” to “fixreleased”

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Mac OS X email client.

Shared Ticket Bins

People watching this ticket

Pages