[issue232] OCSP problems
Bernhard Herzog
aegypten-issues at intevation.de
Mon Jul 5 18:49:10 CEST 2004
New submission from Bernhard Herzog <bh at intevation.de>:
Sorry for the unspecific title, but I'm not sure what the problem really is.
The situation, OCSP is enabled for both gpgsm and dirmngr with the patch from
issue196 in libksab. Without the patch dirmngr will always get "unknown" back
from the OCSP server. With the patch the OCSP responses look OK.
Now I'm trying to verify a signature on an email. Without OCSP the signature is
green. With OCSP it is yellow ("No status information available"). The debug
ouput in watchgnupg:
6 - 2004-07-05 18:41:32 dirmngr[11535.0x80643b0] DBG: -> S
ONLY_VALID_IF_CERT_VALID AFAAB9D27E4B4B6B400891A163D31E2A850BB1EC
6 - 2004-07-05 18:41:32 dirmngr[11535]: Zertifikatstatus ist: Gut
(this=20040705T164134 next=)
6 - 2004-07-05 18:41:32 dirmngr[11535.0x80643b0] DBG: -> OK
5 - 2004-07-05 18:41:32 gpgsm[11534]: Das Zertifikat hatte nicht zum Signieren
benutzt werden sollen
5 - 2004-07-05 18:41:32 gpgsm[11534]: Die CRL konnte nicht gepr?ft werden:
Invalid CRL
5 - 2004-07-05 18:41:32 gpgsm[11534.0x807b6f8] DBG: -> S GOODSIG
5 - 2004-07-05 18:41:32 gpgsm[11534.0x807b6f8] DBG: -> S VALIDSIG
73945BF0D288A6A9428F89C0BABC42A9655A8EA3 2004-01-27 20040127T153146 20050208T103528
5 - 2004-07-05 18:41:32 gpgsm[11534]: invalid certification chain: Invalid CRL
5 - 2004-07-05 18:41:32 gpgsm[11534.0x807b6f8] DBG: -> S TRUST_UNDEFINED 133
5 - 2004-07-05 18:41:32 gpgsm[11534.0x807b6f8] DBG: -> OK
----------
assignedto: werner
messages: 1159
nosy: bh, werner
priority: urgent
status: unread
title: OCSP problems
topic: DirMngr, gpgsm
______________________________________________________
Aegypten issue tracker <aegypten-issues at intevation.de>
<https://intevation.de/roundup/aegypten/issue232>
______________________________________________________
More information about the Gpa-dev
mailing list