From dwerder at gmx.net Sun Jan 2 15:10:16 2005
From: dwerder at gmx.net (Dominik Werder)
Date: Sun Jan 2 15:05:20 2005
Subject: Error when signing a key
Message-ID:

Hello!

This is my first post to the list.

I compiled gpg 1.4.0, gpgme 1.0.2 and gpa 0.7.0
If I try to sign another key from within gpa, I get:

GPA Error:
The GPGME library returned an unexpected error. The error was:
General error
This is probably a bug in GPA.
GPA will now try to recover from this error.

I'm running Slackware 10: Linux 2.4.26 #6 Mon Jun 14 19:07:27 PDT 2004
i686 unknown unknown GNU/Linux

If you tell me how to get more debug output I can post it..

bye!
Dominik

From wk at gnupg.org Mon Jan 3 10:01:42 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Jan 3 16:01:54 2005
Subject: No Pinentry
In-Reply-To: <200412300021.36471@erwin.ingo-kloecker.de> (Ingo Klöcker's message of "Thu, 30 Dec 2004 00:21:27 +0100")
References: <200412291542.38873.john@johnrshannon.com> <200412300021.36471@erwin.ingo-kloecker.de>
Message-ID: <87wtuudgy1.fsf@wheatstone.g10code.de>

On Thu, 30 Dec 2004 00:21:27 +0100, Ingo Klöcker said:

> gpgsm is deprecated. You should install gpg2 (which replaces the old
> gpgsm). Note that you still need gpg for OpenPGP/MIME.

No. gpgsm is not deprecated but the S/MIME cousin of gpg. In fact,
gpg2 should not be used because the gpg from gnupg 1.2.x or
gnupg.1.4.x is much more matured than gpg2

Werner

From wk at gnupg.org Mon Jan 3 10:06:36 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Jan 3 16:01:58 2005
Subject: No Pinentry
In-Reply-To: <200412291542.38873.john@johnrshannon.com> (John R. Shannon's message of "Wed, 29 Dec 2004 15:42:30 -0700")
References: <200412291542.38873.john@johnrshannon.com>
Message-ID: <87sm5idgpv.fsf@wheatstone.g10code.de>

On Wed, 29 Dec 2004 15:42:30 -0700, John R Shannon said:

> /usr/pkg/bin/gpg-agent --daemon --pinentry-program /usr/pkg/bin/pinentry-gtk

Does

  /usr/pkg/bin/pinentry-gtk

show you a greeting like "OK Your orders please" ? Enter
"GETPIN" and the window should appear. Enter a random PIN into the
window and you should get back something like "D 1234". Enter "BYE"

Does it all work? If not: Are DISPLAY and GPG_TTY set?

Werner

From wk at gnupg.org Mon Jan 3 10:17:11 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Jan 3 16:02:01 2005
Subject: Directory Use and Permissions
In-Reply-To: <200412311104.53021.john@johnrshannon.com> (John R. Shannon's message of "Fri, 31 Dec 2004 11:04:41 -0700")
References: <200412311104.53021.john@johnrshannon.com>
Message-ID: <87oeg6dg88.fsf@wheatstone.g10code.de>

On Fri, 31 Dec 2004 11:04:41 -0700, John R Shannon said:

> libassuan, pinentry, dirmngr and gnupg-1.9.14 all reference sharedstatedir and
> localstatedir. What are the minimum permissions required for these
> directories? Must they be world writeable? Can they be moved relative to
> $HOME?

AFAICS only dirmngr makes use of them:

AM_CPPFLAGS += -DDIRMNGR_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
AM_CPPFLAGS += -DDIRMNGR_LIBEXECDIR="\"$(libexecdir)\""
AM_CPPFLAGS += -DDIRMNGR_DATADIR="\"$(localstatedir)/lib/@PACKAGE@\""
AM_CPPFLAGS += -DDIRMNGR_CACHEDIR="\"$(localstatedir)/cache/@PACKAGE@\""

The SYSCONFDIR is usually set to /etc/dirmngr and it may be world
readable except for the ldapservers.conf file which contains
passwords. As a configuration directory no write permissions are
required.

The DATADIR (/var/lib/dirmngr) currently does not need to be writable
but future versions of the dirmngr might want to write to it.

The CACHEDIR (/var/cache/dirmngr) obviously needs to be writable by
the dirmngr process.

You may move them relatively to $HOME.

Werner

From john at johnrshannon.com Mon Jan 3 11:03:38 2005
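
The permission requirements from the "Directory Use and Permissions" reply above, written as a check. This is an added example, not part of any message in this archive and not dirmngr code; the default paths are the ones the reply names, and the cache check assumes it runs under the account dirmngr uses.

```python
import os
import stat

# Locations named in the reply; pass other paths if the package was
# configured with a different sysconfdir or localstatedir.
SYSCONFDIR = "/etc/dirmngr"
CACHEDIR = "/var/cache/dirmngr"
SECRET_FILE = "ldapservers.conf"  # holds LDAP passwords


def _mode(path):
    """Permission bits of path, without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_dirmngr_dirs(sysconfdir=SYSCONFDIR, cachedir=CACHEDIR):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []

    # Configuration directory: world-readable is fine, world-writable is not.
    if not os.path.isdir(sysconfdir):
        findings.append(f"{sysconfdir}: missing")
    else:
        mode = _mode(sysconfdir)
        if mode & stat.S_IWOTH:
            findings.append(f"{sysconfdir}: world-writable (mode {mode:04o})")
        # ldapservers.conf is the exception to "may be world readable".
        secret = os.path.join(sysconfdir, SECRET_FILE)
        if os.path.isfile(secret):
            mode = _mode(secret)
            if mode & stat.S_IRWXO:
                findings.append(
                    f"{secret}: accessible to all users (mode {mode:04o})")

    # Cache directory: writable by the dirmngr account (assumed to be the
    # account running this check), but it does not have to be world-writable.
    if not os.path.isdir(cachedir):
        findings.append(f"{cachedir}: missing")
    else:
        mode = _mode(cachedir)
        if not os.access(cachedir, os.W_OK | os.X_OK):
            findings.append(f"{cachedir}: not writable by this account")
        if mode & stat.S_IWOTH:
            findings.append(f"{cachedir}: world-writable (mode {mode:04o})")

    return findings


if __name__ == "__main__":
    for line in audit_dirmngr_dirs() or ["no findings"]:
        print(line)
```
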
From: john at johnrshannon.com (John R. Shannon)
Date: Mon Jan 3 16:02:05 2005
Subject: No Pinentry
In-Reply-To: <87sm5idgpv.fsf@wheatstone.g10code.de>
References: <200412291542.38873.john@johnrshannon.com> <87sm5idgpv.fsf@wheatstone.g10code.de>
Message-ID: <200501030303.49900.john@johnrshannon.com>

$ /usr/pkg/bin/pinentry-gtk
OK Your orders please
GETPIN
pinentry-gtk: no LC_CTYPE known - assuming UTF-8
pinentry-gtk: no LC_CTYPE known - assuming UTF-8
D 1234
OK

Yes, it works. However, if I enter:

$ echo test |gpgsm -s |gpgsm -v

I get:

$ echo test |gpgsm -s |gpgsm -v
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
gpgsm: invalid command (there is no implicit command)
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/16384 bytes in 0 blocks
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= E8 EC 38 C7 15 91 8E 10 3B 81 B1 5C 1B 9E 78 44 FF 00 2C D2
gpgsm: DBG: connection to agent established
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 40 11 6E 4E 45 90 89 62 12 E4 15 E8 4D B2 FE CA D9 C8 4F 32
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 87 43 A7 7F 9B 34 04 A2 02 C4 9A 05 12 C7 9D 4D C9 A0 E8 0F
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 25 C2 B4 54 4C BE D7 CD DF 38 0B 1A A1 F4 12 E9 0D 9B EE 2A
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 10 A3 0F 90 46 90 07 B8 83 9E 25 DA BF 52 C3 A0 85 EF 47 E7
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 46 C6 0C 78 ED 9A 58 BD EC A6 C8 4B 54 77 5A 89 D5 A2 AC 9E
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip=
DBG: gcry_pk_verify: Success
gpgsm: asking dirmngr about 08:57:2A:4C:D4:9A:76:60:D4:72:7A:6E:55:FF:D4:44:9C:82:0E:4D
gpgsm: response of dirmngr: okay
gpgsm: DBG: adding certificates at level 1
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= B3 47 FE 13 6B 50 70 65 02 82 F7 6F 8A F7 05 B7 DF 1F E6 02
gpgsm: error creating signature: No pinentry
random usage: poolsize=600 mixed=3 polls=0/21 added=105/1848 outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 1344/16384 bytes in 2 blocks

On Monday 03 January 2005 02:06 am, Werner Koch wrote:
> On Wed, 29 Dec 2004 15:42:30 -0700, John R Shannon said:
> > /usr/pkg/bin/gpg-agent --daemon --pinentry-program
> > /usr/pkg/bin/pinentry-gtk
>
> Does
>
>   /usr/pkg/bin/pinentry-gtk
>
> show you a greeting like "OK Your orders please" ? Enter
> "GETPIN" and the window should appear. Enter a random PIN into the
> window and you should get back something like "D 1234". Enter "BYE"
>
> Does it all work? If not: Are DISPLAY and GPG_TTY set?
>
> Werner

-- 
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
shannonjr@NetBSD.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : /pipermail/attachments/20050103/9b385ae2/attachment.bin

From john at johnrshannon.com Mon Jan 3 14:03:28 2005
From: john at johnrshannon.com (John R. Shannon)
Date: Mon Jan 3 16:02:21 2005
Subject: No Pinentry
In-Reply-To: <874qhybvk7.fsf@wheatstone.g10code.de>
References: <200412291542.38873.john@johnrshannon.com> <200501030303.49900.john@johnrshannon.com> <874qhybvk7.fsf@wheatstone.g10code.de>
Message-ID: <200501030603.37555.john@johnrshannon.com>

It works now with this fix. Thank You.

On Monday 03 January 2005 04:28 am, Werner Koch wrote:
> Okay,
>
> here is the fix:
>
>
> 2005-01-03 Werner Koch
>
> * asshelp.c (send_pinentry_environment): Fixed changed from
> 2004-12-18; cut+paste error for lc-messages.
>
>
> diff -u -r1.1.2.4 asshelp.c > --- common/asshelp.c 18 Dec 2004 10:22:10 -0000 1.1.2.4 > +++ common/asshelp.c 3 Jan 2005 11:28:48 -0000 > @@ -150,7 +150,7 @@ > #endif > if (opt_lc_messages || (dft_ttyname && dft_lc)) > { > - err = send_one_option (ctx, errsource, "display", > + err = send_one_option (ctx, errsource, "lc-messages", > opt_lc_messages ? opt_lc_messages : dft_lc); > } > #if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)

-- 
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
shannonjr@NetBSD.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1458 bytes
Desc: not available
Url : /pipermail/attachments/20050103/8e094fb1/smime.bin

From wk at gnupg.org Mon Jan 3 12:28:56 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Jan 3 16:02:32 2005
Subject: No Pinentry
In-Reply-To: <200501030303.49900.john@johnrshannon.com> (John R. Shannon's message of "Mon, 3 Jan 2005 03:03:38 -0700")
References: <200412291542.38873.john@johnrshannon.com> <87sm5idgpv.fsf@wheatstone.g10code.de> <200501030303.49900.john@johnrshannon.com>
Message-ID: <874qhybvk7.fsf@wheatstone.g10code.de>

Okay,

here is the fix:


2005-01-03 Werner Koch

* asshelp.c (send_pinentry_environment): Fixed changed from
2004-12-18; cut+paste error for lc-messages.


diff -u -r1.1.2.4 asshelp.c --- common/asshelp.c 18 Dec 2004 10:22:10 -0000 1.1.2.4 +++ common/asshelp.c 3 Jan 2005 11:28:48 -0000 @@ -150,7 +150,7 @@ #endif if (opt_lc_messages || (dft_ttyname && dft_lc)) { - err = send_one_option (ctx, errsource, "display", + err = send_one_option (ctx, errsource, "lc-messages", opt_lc_messages ? opt_lc_messages : dft_lc); } #if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)

From bernhard at intevation.de Mon Jan 3 18:13:58 2005
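
Review bot: the ChangeLog entry for the send_one_option call in the @@ -150,7 +150,7 @@ hunk of common/asshelp.c should state the effect of the old line, not only "cut+paste error". Before this change the LC_MESSAGES value (opt_lc_messages or dft_lc) was sent under the option name "display" and no "lc-messages" option was sent at all, which is worth recording because it ties the change to the "No pinentry" report in this thread. The one-token change itself looks right. Since the option names are bare string literals, the other send_one_option calls in send_pinentry_environment deserve the same look, and a small test that checks each option name against the value passed with it would catch a repeat.
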
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon Jan 3 18:10:40 2005
Subject: Error when signing a key
In-Reply-To:
References:
Message-ID: <20050103171358.GQ10243@intevation.de>

On Sun, Jan 02, 2005 at 03:10:16PM +0100, Dominik Werder wrote:
> This is my first post to the list.

Welcome Dominik then!

> I compiled gpg 1.4.0, gpgme 1.0.2 and gpa 0.7.0
> If I try to sign another key from within gpa, I get:
>
> GPA Error:
> The GPGME library returned an unexpected error. The error was:
> General error
> This is probably a bug in GPA.
> GPA will now try to recover from this error.
>
> I'm running Slackware 10: Linux 2.4.26 #6 Mon Jun 14 19:07:27 PDT 2004
> i686 unknown unknown GNU/Linux

Thanks for reporting.

> If you tell me how to get more debug output I can post it..

You can try running this with the following environment variable set:
GPGME_DEBUG=3:/tmp/gpgme.log
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050103/55730d3e/attachment-0001.bin

From bernhard at intevation.de Mon Jan 3 18:17:51 2005
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon Jan 3 18:14:12 2005
Subject: Dirmngr and proxy
In-Reply-To: <200412291509.37804.john@johnrshannon.com>
References: <200412291509.37804.john@johnrshannon.com>
Message-ID: <20050103171751.GR10243@intevation.de>

On Wed, Dec 29, 2004 at 03:09:36PM -0700, John R. Shannon wrote:
> I have a network where all outgoing traffic must pass through a proxy server.
> The proxy server, 192.168.1.4, runs both an http proxy at port 3128 and an
> LDAP proxy (slapd) at port 389.
>
> Dirmngr on a client is running:
>
> /usr/pkg/bin/dirmngr --daemon \
> --http-proxy http://192.168.1.4:3128 \
> --ldap-proxy 192.168.1.4
>
> When I try a test signing the uses certificate with an http crlDP, I see an
> outgoing message on 192.168.1.4 from the client to 192.168.1.4 that's blocked
> by the firewall.

Debug your firewall?

Seriously: It seems fine behaviour from your description unless the port
is wrong, so I guess you need to bring in more details before somebody
can help you. (Or am I missing something obvious here?)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050103/e906275b/attachment.bin

From john at johnrshannon.com Mon Jan 3 18:30:32 2005
From: john at johnrshannon.com (John R. Shannon)
Date: Mon Jan 3 18:27:05 2005
Subject: Dirmngr and proxy
In-Reply-To: <20050103171751.GR10243@intevation.de>
References: <200412291509.37804.john@johnrshannon.com> <20050103171751.GR10243@intevation.de>
Message-ID: <200501031030.42431.john@johnrshannon.com>

I did not include enough information.

The outgoing message on 192.168.1.4 is to 192.168.1.4:80,
indicating that the LDAP server is using the specified http-proxy
IP address, but, not the port number.

On Monday 03 January 2005 10:17 am, Bernhard Reiter wrote:
> On Wed, Dec 29, 2004 at 03:09:36PM -0700, John R. Shannon wrote:
> > I have a network where all outgoing traffic must pass through a proxy
> > server. The proxy server, 192.168.1.4, runs both an http proxy at port
> > 3128 and an LDAP proxy (slapd) at port 389.
> >
> > Dirmngr on a client is running:
> >
> > /usr/pkg/bin/dirmngr --daemon \
> > --http-proxy http://192.168.1.4:3128 \
> > --ldap-proxy 192.168.1.4
> >
> > When I try a test signing the uses certificate with an http crlDP, I see
> > an outgoing message on 192.168.1.4 from the client to 192.168.1.4 that's
> > blocked by the firewall.
>
> Debug your firewall?
>
> Seriously: It seems fine behaviour from your description unless the port
> is wrong, so I guess you need to bring in more details before somebody
> can help you. (Or am I missing something obvious here?)

-- 
John R. Shannon
john@johnrshannon.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20050103/ce2d5351/attachment.bin

From bernhard at intevation.de Mon Jan 3 19:38:29 2005
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon Jan 3 19:34:57 2005
Subject: Dirmngr and proxy
In-Reply-To: <200501031030.42431.john@johnrshannon.com>
References: <200412291509.37804.john@johnrshannon.com> <20050103171751.GR10243@intevation.de> <200501031030.42431.john@johnrshannon.com>
Message-ID: <20050103183829.GW10243@intevation.de>

On Mon, Jan 03, 2005 at 10:30:32AM -0700, John R. Shannon wrote:
> I did not include enough information.
>
> The outgoing message on 192.168.1.4 is to 192.168.1.4:80,
> indicating that the LDAP server is using the specified http-proxy
> IP address, but, not the port number.

Do you mean the "dirmngr" doing the request or your LDAP proxy?

> On Monday 03 January 2005 10:17 am, Bernhard Reiter wrote:
> > On Wed, Dec 29, 2004 at 03:09:36PM -0700, John R. Shannon wrote:
> > > I have a network where all outgoing traffic must pass through a proxy
> > > server. The proxy server, 192.168.1.4, runs both an http proxy at port
> > > 3128 and an LDAP proxy (slapd) at port 389.
> > >
> > > Dirmngr on a client is running:
> > >
> > > /usr/pkg/bin/dirmngr --daemon \
> > > --http-proxy http://192.168.1.4:3128 \
> > > --ldap-proxy 192.168.1.4
> > >
> > > When I try a test signing the uses certificate with an http crlDP, I see
> > > an outgoing message on 192.168.1.4 from the client to 192.168.1.4 that's
> > > blocked by the firewall.
> >
> > Debug your firewall?
> >
> > Seriously: It seems fine behaviour from your description unless the port
> > is wrong, so I guess you need to bring in more details before somebody
> > can help you. (Or am I missing something obvious here?)
>
> --
> John R. Shannon
> john@johnrshannon.com
> _______________________________________________
> Gpa-dev mailing list
> Gpa-dev@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gpa-dev

-- 
Professional Service for Free Software (intevation.net)
The FreeGIS Project (freegis.org)
FSFE (fsfeurope.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050103/f7bca161/attachment.bin

From wk at gnupg.org Mon Jan 3 12:09:47 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Jan 3 20:41:36 2005
Subject: No Pinentry
In-Reply-To: <200501030303.49900.john@johnrshannon.com> (John R. Shannon's message of "Mon, 3 Jan 2005 03:03:38 -0700")
References: <200412291542.38873.john@johnrshannon.com> <87sm5idgpv.fsf@wheatstone.g10code.de> <200501030303.49900.john@johnrshannon.com>
Message-ID: <87brc6bwg4.fsf@wheatstone.g10code.de>

On Mon, 3 Jan 2005 03:03:38 -0700, John R Shannon said:

> However, if I enter:
> $ echo test |gpgsm -s |gpgsm -v

Note that "gpgsm -v" is not the same as "gpgsm --verify" but would
print

  gpgsm: invalid command (there is no implicit command)

I can replicate your problem using

  echo test | gpgsm -sa

(The -a creates PEM format which doesn't mess up the tty). I'll look
at it.

Werner

From dwerder at gmx.net Mon Jan 3 21:42:06 2005
From: dwerder at gmx.net (Dominik Werder)
Date: Mon Jan 3 21:37:23 2005
Subject: Error when signing a key
In-Reply-To: <20050103171358.GQ10243@intevation.de>
References: <20050103171358.GQ10243@intevation.de>
Message-ID:

> You can try running this with the following environment variable set:
> GPGME_DEBUG=3:/tmp/gpgme.log

So here is what gpa writes to the logfile if I try to sign the key.
I stripped everything else because it is very long but if anybody wants,
I can send it privately..

posix-io.c:135: closing fd 4
wait.c:160: setting fd 4 (item=0x817a040) done
posix-io.c:135: closing fd 9
wait.c:160: setting fd 9 (item=0x8188e30) done
posix-io.c:135: closing fd 8
wait.c:160: setting fd 8 (item=0x8184cc0) done
posix-io.c:157: set notification for fd 4
posix-io.c:157: set notification for fd 5
posix-io.c:157: set notification for fd 7
posix-io.c:157: set notification for fd 8
posix-io.c:157: set notification for fd 9
posix-io.c:157: set notification for fd 10
posix-io.c:135: closing fd 5
posix-io.c:135: closing fd 7
posix-io.c:135: closing fd 10
posix-io.c:72: fd 9: about to read 4096 bytes
posix-io.c:79: fd 9: got 319 bytes
fd 9: got `pub:u:1024:17:18FE0A4FE0BAFAD1:1102238330:1117790330::u:
fpr:::::::::603551B50FD199BFA3784EF618FE0A4FE0BAFAD1:
sub:u:1024:16:CDAA35559D10862D:1102238341:1117790341:::
fpr:::::::::D7729E7FA2AEF08372976B43CDAA35559D10862D:
uid:u::::::::SirDom (Jabber) :::S9 S8 S7 S3 S2 H2 H3 Z2 Z1,mdc,no-ks-modify:1,p:
'
posix-io.c:72: fd 4: about to read 1024 bytes
posix-io.c:79: fd 4: got 33 bytes
fd 4: got `[GNUPG:] GET_LINE keyedit.prompt
'
wait.c:160: setting fd 8 (item=0x8183788) done
posix-io.c:72: fd 4: about to read 1024 bytes
posix-io.c:79: fd 4: got 16 bytes
fd 4: got `[GNUPG:] GOT_IT
'
posix-io.c:72: fd 9: about to read 4096 bytes
posix-io.c:79: fd 9: got 320 bytes
fd 9: got `pub:u:1024:17:18FE0A4FE0BAFAD1:1102238330:1117790330::u:
fpr:::::::::603551B50FD199BFA3784EF618FE0A4FE0BAFAD1:
sub:u:1024:16:CDAA35559D10862D:1102238341:1117790341:::
fpr:::::::::D7729E7FA2AEF08372976B43CDAA35559D10862D:
uid:u::::::::SirDom (Jabber) :::S9 S8 S7 S3 S2 H2 H3 Z2 Z1,mdc,no-ks-modify:1,pm:
'
posix-io.c:72: fd 4: about to read 1024 bytes
posix-io.c:79: fd 4: got 34 bytes
fd 4: got `[GNUPG:] GET_LINE sign_uid.expire
'
wait.c:160: setting fd 8 (item=0x81797a0) done
posix-io.c:72: fd 4: about to read 1024 bytes
posix-io.c:79: fd 4: got 16 bytes
fd 4: got `[GNUPG:] GOT_IT
'
posix-io.c:72: fd 4: about to read 1024 bytes
posix-io.c:79: fd 4: got 32 bytes
fd 4: got `[GNUPG:] GET_BOOL sign_uid.okay
'
posix-io.c:135: closing fd 4
wait.c:160: setting fd 4 (item=0x81799c8) done
posix-io.c:135: closing fd 9
wait.c:160: setting fd 9 (item=0x818d5c8) done
posix-io.c:135: closing fd 8
wait.c:160: setting fd 8 (item=0x8184b78) done

bye!
Dominik

From wk at gnupg.org Tue Jan 4 10:16:22 2005
From: wk at gnupg.org (Werner Koch)
Date: Tue Jan 4 10:15:37 2005
Subject: Error when signing a key
In-Reply-To: (Dominik Werder's message of "Mon, 03 Jan 2005 21:42:06 +0100")
References: <20050103171358.GQ10243@intevation.de>
Message-ID: <874qhxr1uh.fsf@wheatstone.g10code.de>

On Mon, 03 Jan 2005 21:42:06 +0100, Dominik Werder said:

> posix-io.c:72: fd 4: about to read 1024 bytes
> posix-io.c:79: fd 4: got 32 bytes
> fd 4: got `[GNUPG:] GET_BOOL sign_uid.okay
> '
> posix-io.c:135: closing fd 4

That is a GPA problem. Probably it didn't know what to do with the
prompt "sign_uid.okay" and closed the gpgme context.

Werner

From john at johnrshannon.com Fri Jan 7 13:44:11 2005
From: john at johnrshannon.com (John R. Shannon)
Date: Fri Jan 7 13:41:00 2005
Subject: CRL Problem
Message-ID: <200501070544.28638.john@johnrshannon.com>

Is there a way to retrieve the CRL for this CERT (notice the LDAP crlDP):

Serial number: 1B644C9F000000001395
Issuer: CN=Secure Messaging,O=Boeing,C=US
Subject: CN=26068,CN=recipients,OU=f22,O=boeing
sha1_fpr: 05:6A:37:1B:64:22:8E:AA:8C:60:F0:78:1B:8B:88:3F:5C:25:77:A6
md5_fpr: B4:AE:29:D7:B8:2B:59:71:FB:B3:15:D3:93:D6:E7:84
keygrip: 10A30F90469007B8839E25DABF52C3A085EF47E7
notBefore: 2004-02-09 18:28:16
notAfter: 2006-02-09 18:38:16
hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
keyType: 1024 bit RSA
authKeyId: 19
  CN=The Boeing Company Root Certificate Authority,OU=netscape,OU=certservers,O=Boeing,C=US
keyUsage: keyEncipherment
extKeyUsage: emailProtection (suggested)
policies: [none]
chainLength: not a CA
crlDP: ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,CN=Public%20Key%20Services,CN=Services,?certificateRevocationList?base?objectclass=cRLDistributionPoint
  issuer: none
crlDP: http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl
  issuer: none
authInfo: [error]
subjInfo: [none]
extn: 2.5.29.14 (subjectKeyIdentifier) [22 octets]
extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) [260 octets]

dirmngr stops when it encounters the LDAP URL without a hostname.

-- 
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : /pipermail/attachments/20050107/8e426960/attachment.bin

From bernhard at intevation.de Fri Jan 7 15:49:56 2005
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri Jan 7 15:46:24 2005
Subject: CRL Problem
In-Reply-To: <200501070544.28638.john@johnrshannon.com>
References: <200501070544.28638.john@johnrshannon.com>
Message-ID: <20050107144956.GO16647@intevation.de>

On Fri, Jan 07, 2005 at 05:44:11AM -0700, John R. Shannon wrote:
> Is there a way to retrieve the CRL for this CERT (notice the LDAP crlDP):
>
> Serial number: 1B644C9F000000001395
> Issuer: CN=Secure Messaging,O=Boeing,C=US
> Subject: CN=26068,CN=recipients,OU=f22,O=boeing
> sha1_fpr: 05:6A:37:1B:64:22:8E:AA:8C:60:F0:78:1B:8B:88:3F:5C:25:77:A6
> md5_fpr: B4:AE:29:D7:B8:2B:59:71:FB:B3:15:D3:93:D6:E7:84
> keygrip: 10A30F90469007B8839E25DABF52C3A085EF47E7
> notBefore: 2004-02-09 18:28:16
> notAfter: 2006-02-09 18:38:16
> hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
> keyType: 1024 bit RSA
> authKeyId: 19
> CN=The Boeing Company Root Certificate
> Authority,OU=netscape,OU=certservers,O=Boeing,C=US
> keyUsage: keyEncipherment
> extKeyUsage: emailProtection (suggested)
> policies: [none]
> chainLength: not a CA
> crlDP:
> ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,CN=Public%20Key%20Services,CN=Services,?certificateRevocationList?base?objectclass=cRLDistributionPoint
> issuer: none
> crlDP:
> http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl
> issuer: none
> authInfo: [error]
> subjInfo: [none]
> extn: 2.5.29.14 (subjectKeyIdentifier) [22 octets]
> extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) [260 octets]
>
> dirmngr stops when it encounters the LDAP URL without a hostname.

What does "stops" mean?
It usually also tried other methods.
You can for instance add the ldap server to the
dirmngr_ldapservers.conf file.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050107/23008bff/attachment.bin

From john at johnrshannon.com Fri Jan 7 17:24:35 2005
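
An added example, not part of any message in this archive: it parses the two crlDP values from the certificate listing in the "CRL Problem" thread, flags an LDAP URL that carries no hostname, and checks whether a named host resolves. The function names and status strings are assumptions made for the illustration.

```python
import socket
from urllib.parse import urlsplit, unquote

# crlDP values copied from the certificate listing in this thread.
CRLDPS = [
    "ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,"
    "CN=Public%20Key%20Services,CN=Services,"
    "?certificateRevocationList?base?objectclass=cRLDistributionPoint",
    "http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl",
]


def dns_resolves(host):
    """True if the local resolver returns at least one address for host."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def triage_crldp(url, resolves=dns_resolves):
    """Split a crlDP URI and say why a fetch from it could fail.

    status is one of:
      "no-host"       the URI names no server; for LDAP the client has to
                      supply one from its own list of LDAP servers
      "unresolvable"  a host is named but has no DNS entry
      "ok"            a host is named and resolves
    """
    parts = urlsplit(url)
    result = {"scheme": parts.scheme.lower(), "host": parts.hostname}

    if result["scheme"] in ("ldap", "ldaps"):
        # LDAP URL layout: ldap://host:port/dn?attributes?scope?filter
        fields = (parts.query.split("?") + ["", "", ""])[:3]
        result["dn"] = unquote(parts.path.lstrip("/"))
        result["attributes"] = [a for a in fields[0].split(",") if a]
        result["scope"] = fields[1] or "base"
        result["filter"] = unquote(fields[2])

    if not parts.hostname:
        result["status"] = "no-host"
    elif not resolves(parts.hostname):
        result["status"] = "unresolvable"
    else:
        result["status"] = "ok"
    return result


if __name__ == "__main__":
    for url in CRLDPS:
        info = triage_crldp(url)
        print(info["status"], info["scheme"], info["host"])
```
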
From: john at johnrshannon.com (John R. Shannon)
Date: Fri Jan 7 18:11:43 2005
Subject: CRL Problem
In-Reply-To: <20050107144956.GO16647@intevation.de>
References: <200501070544.28638.john@johnrshannon.com> <20050107144956.GO16647@intevation.de>
Message-ID: <200501070924.39988.john@johnrshannon.com>

It looks like the problem is a bad crlDP. The hostname does not resolve in
DNS. Thank you for looking at it.

On Friday 07 January 2005 07:49 am, Bernhard Reiter wrote:
> On Fri, Jan 07, 2005 at 05:44:11AM -0700, John R. Shannon wrote:
> > Is there a way to retrieve the CRL for this CERT (notice the LDAP crlDP):
> >
> > Serial number: 1B644C9F000000001395
> > Issuer: CN=Secure Messaging,O=Boeing,C=US
> > Subject: CN=26068,CN=recipients,OU=f22,O=boeing
> > sha1_fpr: 05:6A:37:1B:64:22:8E:AA:8C:60:F0:78:1B:8B:88:3F:5C:25:77:A6
> > md5_fpr: B4:AE:29:D7:B8:2B:59:71:FB:B3:15:D3:93:D6:E7:84
> > keygrip: 10A30F90469007B8839E25DABF52C3A085EF47E7
> > notBefore: 2004-02-09 18:28:16
> > notAfter: 2006-02-09 18:38:16
> > hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
> > keyType: 1024 bit RSA
> > authKeyId: 19
> > CN=The Boeing Company Root Certificate
> > Authority,OU=netscape,OU=certservers,O=Boeing,C=US
> > keyUsage: keyEncipherment
> > extKeyUsage: emailProtection (suggested)
> > policies: [none]
> > chainLength: not a CA
> > crlDP:
> > ldap:///CN=Secure%20Messaging,CN=PKI-BLVCA-05,CN=CDP,CN=Public%20Key%20Services,CN=Services,?certificateRevocationList?base?objectclass=cRLDistributionPoint
> > issuer: none
> > crlDP:
> > http://pki-blvca-05.nos.boeing.com/CertEnroll/Secure%20Messaging.crl
> > issuer: none
> > authInfo: [error]
> > subjInfo: [none]
> > extn: 2.5.29.14 (subjectKeyIdentifier) [22 octets]
> > extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) [260 octets]
> >
> > dirmngr stops when it encounters the LDAP URL without a hostname.
>
> What does "stops" mean?
> It usually also tried other methods.
> You can for instance add the ldap server to the
> dirmngr_ldapservers.conf file.

-- 
John R. Shannon, CISSP
Sr. Software Scientist
Science Applications International Corporation
john.r.shannon@saic.com
john@johnrshannon.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : /pipermail/attachments/20050107/eb92ca05/attachment-0001.bin

From aegypten-issues at intevation.de Wed Jan 12 20:54:39 2005
From: aegypten-issues at intevation.de (Colby)
Date: Wed Jan 12 22:38:59 2005
Subject: [issue287] Kmail Broken After Following Your instructions!!!
Message-ID: <1105559679.09.0.883789849716.issue287@intevation.de>

New submission from Colby :

Hi I followed the instructions you have at this link:
http://www.gnupg.org/aegypten2/index.html and now when I try to start kmail I
get the following error message:

kmail: error while loading shared libraries: /usr/lib/libkmailprivate.so.0:
undefined symbol: _ZN20CryptPlugWrapperList14loadFromConfigEP7KConfig

Any Suggestions? I followed your steps exactly as described.

Thanks

----------
messages: 1872
nosy: colby
priority: critical
status: unread
title: Kmail Broken After Following Your instructions!!!

______________________________________________________
Aegypten issue tracker
______________________________________________________

From aegypten-issues at intevation.de Fri Jan 14 10:23:15 2005
From: aegypten-issues at intevation.de (Bernhard Reiter)
Date: Fri Jan 14 11:04:33 2005
Subject: [issue288] mutt breaking large opaque large attachment when saving
Message-ID: <1105694595.63.0.138123757249.issue288@intevation.de>

New submission from Bernhard Reiter :

mutt compiled on 20041209 with
patch-1.5.6cvs.g10.mdn.3
mutt-curses-redraw-20041127
mutt-aegypten-issue 261-20041120
mutt-crl-too-old-20041004
patch-1.5.6cvs.g10.gpgme.6

I have received an opaque smime signed email having a large attachment.
It is a zip file and when saving it, it is broken.
Ägypten1 with kmail correctly saved it.

Saving it with mutt
length when correctly saved: 401743
length when saved with mutt: 400135

I cannot publish the email, but send it to interested trusted developers.

----------
assignedto: werner
messages: 1877
nosy: bernhard, bh, moritz, werner
priority: urgent
status: unread
title: mutt breaking large opaque large attachment when saving
topic: mutt
From aegypten-issues at intevation.de Fri Jan 14 10:25:52 2005
From: aegypten-issues at intevation.de (Bernhard Reiter)
Date: Fri Jan 14 11:04:59 2005
Subject: [issue289] mutt leaves signed as on smime key even when openpgp used later
Message-ID: <1105694752.08.0.577356797509.issue289@intevation.de>

New submission from Bernhard Reiter :

mutt compiled on 20041209 with
patch-1.5.6cvs.g10.mdn.3
mutt-curses-redraw-20041127
mutt-aegypten-issue 261-20041120
mutt-crl-too-old-20041004
patch-1.5.6cvs.g10.gpgme.6

the bug could also be seen on earlier versions.

Sometimes the "sign as" setting is kept for the s/mime key even when I want to
sign as openpgp by default. It happens when I receive smime emails, but I did
not find out how to trigger it reliably yet.

----------
assignedto: werner
messages: 1878
nosy: bernhard, moritz, werner
priority: minor bug
status: unread
title: mutt leaves signed as on smime key even when openpgp used later
topic: mutt
From aegypten-issues at intevation.de Fri Jan 14 16:16:48 2005
From: aegypten-issues at intevation.de (Bernhard Reiter)
Date: Fri Jan 14 16:12:56 2005
Subject: [issue290] make it possible to use gnupg groups from within mutt
Message-ID: <1105715808.69.0.591252020598.issue290@intevation.de>

New submission from Bernhard Reiter :

Describe a way to use gnupg groups with mutt to send email
to one list address that gets encrypted to a gnupg alias group.

----------
assignedto: werner
messages: 1879
nosy: bernhard, moritz, werner
priority: wish
status: unread
title: make it possible to use gnupg groups from within mutt
topic: mutt
From wk at gnupg.org Fri Jan 14 17:00:51 2005
From: wk at gnupg.org (Werner Koch)
Date: Fri Jan 14 18:25:06 2005
Subject: [issue290] make it possible to use gnupg groups from within mutt
In-Reply-To: <1105715808.69.0.591252020598.issue290@intevation.de> (Bernhard Reiter's message of "Fri, 14 Jan 2005 15:16:48 +0000")
References: <1105715808.69.0.591252020598.issue290@intevation.de>
Message-ID: <87wtugf1ak.fsf@wheatstone.g10code.de>

On Fri, 14 Jan 2005 15:16:48 +0000, Bernhard Reiter said:

> Describe a way to use gnupg groups with mutt to send email
> to one list address that gets encrypted to a gnupg alias group.

Use a cronjob to synchronize the gpg groups with ~/.aliases.

From aegypten-issues at intevation.de Mon Jan 17 12:23:40 2005
From: aegypten-issues at intevation.de (Bernhard Reiter)
Date: Mon Jan 17 12:19:47 2005
Subject: [issue291] gpg configure points to wrong download directory
Message-ID: <1105961020.44.0.955726453857.issue291@intevation.de>

New submission from Bernhard Reiter :

gnupg-1.9.15: configure says:
"*** You need libgpg-error to build this program.
** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error
*** (at least version 1.0 is required.)"

Of course only 0.7 can be got in the alpha directory.

There might be another bug like this:
cd gnupg-1.9.15
grep ftp.gnupg *
[..]
configure.ac:*** ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error
configure.ac:*** ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/
configure.ac:*** ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/
configure.ac:*** ftp://ftp.gnupg.org/gcrypt/alpha/libksba/
[..]
README: libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
README: libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
README: libassuan (ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/)
README: libksba (ftp://ftp.gnupg.org/gcrypt/alpha/libksba/)
README:ftp://ftp.gnupg.org/gcrypt/pinentry/ .

So libgcrypt might have the same issue.

----------
assignedto: werner
messages: 1884
nosy: bernhard, werner
priority: minor bug
status: unread
title: gpg configure points to wrong download directory
topic: gpg, gpgsm
From bernhard at intevation.de Mon Jan 17 11:56:48 2005
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon Jan 17 12:45:01 2005
Subject: KMail Instructions update?
Message-ID: <20050117105648.GA29662@intevation.de>

Hi Marc,

just read the beginning of
http://kmail.kde.org/kmail-pgpmime-howto.html

    Prerequisites
    You need KDE 3.3 (betas suffice) and GnuPG 1.2.x.

KDE 3.4b or gnupg 1.4.0 should also work I assume,
what about updating the document?

This leads to the general question:
How should updates to the document be done.
I do not remember them being in CVS somewhere?

Best,
Bernhard

From bernhard at intevation.de Mon Jan 17 17:40:57 2005
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon Jan 17 17:37:06 2005
Subject: gnupg configure not searching in /usr/local/ ?
Message-ID: <20050117164057.GB8733@intevation.de>

Got a feedback from one user:

He installed all libraries fresh, but still ./configure of gnupg-1.9.15
did complain. It seems that it did not look in /usr/local/
libs though this was default target from make install
in all those packages.

Any hints?
Is this likely to be a bug or a configuration or PATH issue
on the specific platform?

From wk at gnupg.org Mon Jan 17 18:00:01 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Jan 17 17:55:24 2005
Subject: gnupg configure not searching in /usr/local/ ?
In-Reply-To: <20050117164057.GB8733@intevation.de> (Bernhard Reiter's message of "Mon, 17 Jan 2005 17:40:57 +0100")
References: <20050117164057.GB8733@intevation.de>
Message-ID: <87ekgkxa7i.fsf@wheatstone.g10code.de>

On Mon, 17 Jan 2005 17:40:57 +0100, Bernhard Reiter said:

> He installed all libraries fresh, but still ./configure of gnupg-1.9.15
> did complain. It seems that it did not look in /usr/local/
> libs though this was default target from make install

That depends on his toolchain installation as well as the PATH
setting. The default installation target has nothing to do with it;
the default is always /usr/local.

Salam-Shalom,

Werner

From bernhard at intevation.de Mon Jan 17 18:14:32 2005
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon Jan 17 18:20:34 2005
Subject: gnupg configure not searching in /usr/local/ ?
In-Reply-To: <87ekgkxa7i.fsf@wheatstone.g10code.de>
References: <20050117164057.GB8733@intevation.de> <87ekgkxa7i.fsf@wheatstone.g10code.de>
Message-ID: <20050117171432.GE8733@intevation.de>

On Mon, Jan 17, 2005 at 06:00:01PM +0100, Werner Koch wrote:
> On Mon, 17 Jan 2005 17:40:57 +0100, Bernhard Reiter said:
>
> > He installed all libraries fresh, but still ./configure of gnupg-1.9.15
> > did complain. It seems that it did not look in /usr/local/
> > libs though this was default target from make install
>
> That depends on his toolchain installation as well as the PATH
> setting. The default installation target has nothing to do with it;
> the default is always /usr/local.

If this is the standard installation target, wouldn't it make sense
to have it searched for libraries in a standard ./configure run?

From michaelnottebrock at gmx.net Mon Jan 17 17:07:50 2005
From: michaelnottebrock at gmx.net (Michael Nottebrock)
Date: Mon Jan 17 18:20:44 2005
Subject: WebCVS AWOL?
Message-ID: <200501171707.53514.michaelnottebrock@gmx.net>

Just wanted to report that cvs.gnupg.org seems to be broken:
cgi-bin/viewcvs.cgi isn't there.

-- 
   ,_,   | Michael Nottebrock               | lofi@freebsd.org
 (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org

From aegypten-issues at intevation.de Mon Jan 17 18:46:47 2005
From: aegypten-issues at intevation.de (Bernhard Herzog)
Date: Mon Jan 17 18:42:56 2005
Subject: [issue292] "Missing Certificate" when validating with an as yet untrusted root
Message-ID: <1105984007.89.0.80954735807.issue292@intevation.de>

New submission from Bernhard Herzog :

When trying to validate a certificate where the root certificate is not yet
trusted, validation fails with "missing certificate". No ldap server is
configured. All certificates of the certification chain have been imported.
The allow-mark-trusted option is set in gpg-agent but it never asks the user
whether the root is trusted.

gpgsm 1.9.25
dirmngr 0.9.0
gpgme 1.0.2

Some watchgnupg debug output:

6 - 2005-01-17 18:31:46 dirmngr[18249]: DBG: checking distribution points
6 - 2005-01-17 18:31:46 dirmngr[18249]: DBG: fetching CRL from `ldap://ca.intevation.org/cn=Test-ZS 5, o=Intevation GmbH, c=DE?certificateRevocationList'
6 - 2005-01-17 18:31:46 dirmngr[18249]: LDAP Wrapper 18250 gestartet
6 - 2005-01-17 18:31:46 dirmngr[18249]: DBG: inserting CRL
6 - 2005-01-17 18:31:46 dirmngr[18249]: Die "Update Times" dieser CRL sind: this=20050113T165744 next=20050203T165744
6 - 2005-01-17 18:31:46 dirmngr[18249]: CRL Herausgeberzertifikat wird über "authorityKeyIdentifier" geholt
6 - 2005-01-17 18:31:46 dirmngr[18249]: Fehler beim Holen des Zertifikats für den Issuer: Configuration error
6 - 2005-01-17 18:31:46 dirmngr[18249]: issuer certificate (#02/CN=Wurzel ZS 3,O=Intevation GmbH,C=DE) not found
6 - 2005-01-17 18:31:46 dirmngr[18249]: crl_parse_insert fehlgeschlagen: Missing certificate
6 - 2005-01-17 18:31:46 dirmngr[18249]: crl_cache_insert über den DP fehlgeschlagen: Missing certificate
6 - 2005-01-17 18:31:46 dirmngr[18249]: Kommando ISVALID fehlgeschlagen: Missing certificate

----------
assignedto: werner
messages: 1885
nosy: bh, werner
priority: urgent
status: unread
title: "Missing Certificate" when validating with an as yet untrusted root
topic: DirMngr, gpg-agent, gpgsm
From wk at gnupg.org Mon Jan 17 18:55:17 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Jan 17 18:55:23 2005
Subject: WebCVS AWOL?
In-Reply-To: <200501171707.53514.michaelnottebrock@gmx.net> (Michael Nottebrock's message of "Mon, 17 Jan 2005 17:07:50 +0100")
References: <200501171707.53514.michaelnottebrock@gmx.net>
Message-ID: <87mzv8vt2y.fsf@wheatstone.g10code.de>

On Mon, 17 Jan 2005 17:07:50 +0100, Michael Nottebrock said:

> Just wanted to report that cvs.gnupg.org seems to be broken:
> cgi-bin/viewcvs.cgi isn't there.

Thanks, for noting. Fixed.

Werner

From wk at gnupg.org Mon Jan 17 18:56:49 2005
From: wk at gnupg.org (Werner Koch)
Date: Mon Jan 17 18:55:31 2005
Subject: gnupg configure not searching in /usr/local/ ?
In-Reply-To: <20050117171432.GE8733@intevation.de> (Bernhard Reiter's message of "Mon, 17 Jan 2005 18:14:32 +0100")
References: <20050117164057.GB8733@intevation.de> <87ekgkxa7i.fsf@wheatstone.g10code.de> <20050117171432.GE8733@intevation.de>
Message-ID: <87is5wvt0e.fsf@wheatstone.g10code.de>

On Mon, 17 Jan 2005 18:14:32 +0100, Bernhard Reiter said:

> If this is the standard installation target, wouldn't it make sense
> to have it searched for libraries in a standard ./configure run?

No. Because it would be a surprise if one package suddenly starts to
behave differently. If you still think this is a good idea, try to
convince the automake folks.

Werner

From aegypten-issues at intevation.de Tue Jan 18 18:44:31 2005
From: aegypten-issues at intevation.de (Bernhard Herzog)
Date: Tue Jan 18 18:40:39 2005
Subject: [issue293] gpgsm debug output in signature
Message-ID: <1106070271.69.0.459482608676.issue293@intevation.de>

New submission from Bernhard Herzog :

gpgsm seems to write its debug output into the wrong file in some situations.

I have a log socket configured for gpgsm and the other backend components to
write to. Nobody is listening on that socket though. The agent dutifully
writes its debug output to stderr. gpgsm doesn't seem to do that and if a
default-key is configured in gpgsm.conf, it writes the debug output into file
descriptors used for assuan traffic.

One result of that is that in mutt the debug output ends up in the signature
of multipart/signed messages so that it's not a CMS object anymore. An attempt
to verify such a signature gives the error:

Error: verification failed: No CMS object

Looking at the decoded signature reveals that it starts with debug info:

gpgsm[17897]: DBG: adding certificates at level 1
gpgsm[17897]: DBG: get_keygrip for public key
gpgsm[17897]: DBG: keygrip= D3 2E 74 97 40 D6 A7 53 99 0E C9 FA 2C 8B 9B 88 81 36 2F B1
gpgsm[17897.0x807ce70] DBG: -> S SIG_CREATED D 1 2 00 20050118T172429 800898435FB955AB40D74F0796D71979CD14F72C
gpgsm[17897]: signature created

----------
assignedto: werner
messages: 1892
nosy: bh, werner
priority: bug
status: unread
title: gpgsm debug output in signature
topic: gpgsm
From aegypten-issues at intevation.de Wed Jan 19 19:08:03 2005
From: aegypten-issues at intevation.de (Bernhard Herzog)
Date: Wed Jan 19 19:04:09 2005
Subject: [issue294] dirmngr uses 100% CPU
Message-ID: <1106158083.11.0.122943555495.issue294@intevation.de>

New submission from Bernhard Herzog :

dirmngr 0.9.0 sometimes hangs with 100% CPU. At first I thought this was
related to issue292, but it does seem to happen with the patch from Issue292
applied as well. Not sure under which circumstances this happens.

----------
assignedto: werner
messages: 1896
nosy: bh, werner
priority: bug
status: unread
title: dirmngr uses 100% CPU
topic: DirMngr
From aegypten-issues at intevation.de Fri Jan 21 15:14:53 2005
From: aegypten-issues at intevation.de (Bernhard Herzog)
Date: Fri Jan 21 15:10:59 2005
Subject: [issue295] kmail encrypts entire mail though only attachment was to be encrypted
Message-ID: <1106316893.1.0.278691566121.issue295@intevation.de>

New submission from Bernhard Herzog :

kdepim KDE_3_3_BRANCH + proko2 branch from 20050119

Open the composer for a new email. Add an attachment and some body test.
Mark the attachment for encryption. No other part of the mail is to be
encrypted, nothing is to be signed, in particular, the mail as a whole is not
to be encrypted or signed. Send the mail.

The mail actually sent is encrypted in its entirety, even the plain text part.

----------
assignedto: david
messages: 1898
nosy: bh, david
priority: bug
status: unread
title: kmail encrypts entire mail though only attachment was to be encrypted
topic: KMail
From mutz at kde.org Tue Jan 25 21:54:31 2005
From: mutz at kde.org (Marc Mutz)
Date: Wed Jan 26 01:35:07 2005
Subject: gpg-agent && Debian
Message-ID: <200501252154.37013.mutz@kde.org>

Hi,

From a KDE bug report:
> ------ Additional Comment #45 From Debian KDE Maintainers 2005-01-25 21:00
> Debian is another distribution that will not be shipping GnuPG 1.9.x in our
> upcoming release, and as such does not have gpg-agent available. Our users
> thus lack full PGP support in KMail, without resorting to 3rd-party
> packages.
>
> For this reason, we would welcome a patch, usable with the 3.3 branch as
> well as HEAD, and ideally official but unofficial if necessary, that would
> allow KMail to decrypt OpenPGP/MIME messages even if gpg-agent is absent.
> Perhaps Gregorio Guidi's patch can serve as a starting point.
>
> Thanks,
> Christopher Martin, on behalf of the Debian KDE Maintainers

Werner, Marcus. Can you pick this up and prod Debian into shipping gpg-agent,
even if they can't be persuaded into fixing their dependencies for kleopatra
to point to a non-available package?

Marc

From aegypten-issues at intevation.de Wed Jan 26 19:03:17 2005
From: aegypten-issues at intevation.de (Bernhard Herzog)
Date: Wed Jan 26 20:35:33 2005
Subject: [issue296] dirmngr doesn't use http_proxy
Message-ID: <1106762597.49.0.107671964437.issue296@intevation.de>

New submission from Bernhard Herzog :

I'm using kontact to verify a mail that was signed with a certificate
containing a HTTP CRL Distribution point. The environment variable http_proxy
is set correctly (tested with lynx which does use the proxy). dirmngr doesn't
use the proxy even though in Kontact's configuration the "use system HTTP
proxy" radio button is selected.

Not sure whether the bug is in kontact or the backend. The most likely reason
is that the "honor http proxy" option is not set.

Specifying an explicit http proxy with "use this proxy for HTTP requests"
works fine AFAICT.

----------
assignedto: david
messages: 1904
nosy: bh, david
priority: bug
status: unread
title: dirmngr doesn't use http_proxy
topic: DirMngr, KMail
From aegypten-issues at intevation.de Thu Jan 27 04:46:54 2005
From: aegypten-issues at intevation.de (Howard)
Date: Thu Jan 27 04:43:04 2005
Subject: [issue297] Modesto Bee Reporter - article exposing Health
Message-ID: <809390062127.FID79226@yardstick.norikomail.com>

New submission from Howard :

----------
messages: 1908
nosy: taswtqifethev
status: unread
title: Modesto Bee Reporter - article exposing Health
From neil.dunbar at hp.com Fri Jan 28 13:48:54 2005
From: neil.dunbar at hp.com (Neil Dunbar)
Date: Fri Jan 28 15:08:56 2005
Subject: Patch for userSMIMECertificate
Message-ID: <200501281249.04428.neil.dunbar@hp.com>

Skipped content of type multipart/mixed

From wk at gnupg.org Fri Jan 28 16:35:19 2005
From: wk at gnupg.org (Werner Koch)
Date: Fri Jan 28 16:35:32 2005
Subject: Patch for userSMIMECertificate
In-Reply-To: <200501281249.04428.neil.dunbar@hp.com> (Neil Dunbar's message of "Fri, 28 Jan 2005 12:48:54 +0000")
References: <200501281249.04428.neil.dunbar@hp.com>
Message-ID: <87hdl14le0.fsf@wheatstone.g10code.de>

On Fri, 28 Jan 2005 12:48:54 +0000, Neil Dunbar said:

> attributes within entries while fetching from LDAP, so I've attached a diff
> against 0.9.0 which adds the capability [Our directory stores
> userSMIMECertificates to distinguish from our web client certificates].

Thanks, I'll have a look at it.

> Also - I think that line 680 in ldap_wrapper (ldap.c) which reads
> ctrl->refcount++
> should read:
> if (ctrl) ctrl->refcount++
> since ctrl is not guaranteed to be non-NULL when entering the
> ldap_wrapper

CTRL should always be initialized; if not I have to check what's
wrong. I'll check it.

> Now the bad news: I can't get libksba (0.9.10) to parse the PKCS7 blob which
> makes up a userSMIMECertificate - I just get "unsupported encoding" after the
> first couple of calls to the PKCS7 parser. So, I had to use GnuTLS as the

This is likely. Please give me a few days to fix this; I have a
similar bug outstanding anyway.

Shalom-Salam,

Werner

From neil.dunbar at hp.com Fri Jan 28 17:03:51 2005
From: neil.dunbar at hp.com (Neil Dunbar)
Date: Fri Jan 28 19:10:32 2005
Subject: Patch for userSMIMECertificate
In-Reply-To: <87hdl14le0.fsf@wheatstone.g10code.de>
References: <200501281249.04428.neil.dunbar@hp.com> <87hdl14le0.fsf@wheatstone.g10code.de>
Message-ID: <200501281603.51346.neil.dunbar@hp.com>

On Friday 28 January 2005 15:35, Werner Koch wrote:
> On Fri, 28 Jan 2005 12:48:54 +0000, Neil Dunbar said:
> > Also - I think that line 680 in ldap_wrapper (ldap.c) which reads
> > ctrl->refcount++
> >
> > should read:
> >
> > if (ctrl) ctrl->refcount++
> >
> > since ctrl is not guaranteed to be non-NULL when entering the
> > ldap_wrapper
>
> CTRL should always be initialized; if not I have to check what's
> wrong. I'll check it.

I only see it getting initialised in start_command_handler (server.c) for
daemon and server mode and set to the assuan pointer.

The chain seems to go

main -> crl_cache_load -> crl_cache_insert -> crl_parse_insert -> get_issuer_cert -> get_cert_local

Which, yielding nothing, will attempt an LDAP lookup, which causes
ctrl->refcount to be incremented.

Cheers,
Neil
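
The NULL guard discussed in this thread, as an added example that is not dirmngr's code and not part of any message above: a small C model in which a helper started with no connection (as in the startup call chain listed) has a NULL owner, while one started for a client raises and later drops that client's reference count. `ctrl_model`, `wrapper_model` and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for this example; not dirmngr's real structures. */
struct ctrl_model {
    int refcount;   /* helpers that still point at this connection */
    int closing;    /* set once the client has disconnected */
};

struct wrapper_model {
    struct wrapper_model *next;
    struct ctrl_model *ctrl;    /* NULL: started outside any connection */
    int finished;               /* helper process has exited */
};

static struct wrapper_model *wrapper_list;

/* Start a helper on behalf of ctrl; ctrl may legitimately be NULL. */
struct wrapper_model *wrapper_start(struct ctrl_model *ctrl)
{
    struct wrapper_model *w = calloc(1, sizeof *w);
    if (!w)
        return NULL;
    w->ctrl = ctrl;
    if (ctrl)                   /* the guard under discussion */
        ctrl->refcount++;
    w->next = wrapper_list;
    wrapper_list = w;
    return w;
}

/* Unlink and free finished helpers, dropping the references they held.
   Returns the number of helpers reaped. */
int wrapper_reap(void)
{
    struct wrapper_model **pp = &wrapper_list;
    int reaped = 0;

    while (*pp) {
        struct wrapper_model *w = *pp;
        if (!w->finished) {
            pp = &w->next;
            continue;
        }
        if (w->ctrl && w->ctrl->refcount > 0)
            w->ctrl->refcount--;
        *pp = w->next;
        free(w);
        reaped++;
    }
    return reaped;
}

/* A connection object may be released only when no helper refers to it. */
int ctrl_can_release(const struct ctrl_model *ctrl)
{
    return ctrl->closing && ctrl->refcount == 0;
}

/* Constructed scenario: one helper without a connection, one with.
   Returns the refcount seen while the helper was alive, or -1 on failure. */
int demo(void)
{
    struct ctrl_model conn = {0, 0};
    struct wrapper_model *a = wrapper_start(NULL);   /* startup path */
    struct wrapper_model *b = wrapper_start(&conn);  /* server path */
    int held;

    if (!a || !b)
        return -1;
    held = conn.refcount;
    conn.closing = 1;
    if (ctrl_can_release(&conn))    /* must still be pinned by helper b */
        return -1;
    a->finished = b->finished = 1;
    if (wrapper_reap() != 2)
        return -1;
    return ctrl_can_release(&conn) ? held : -1;
}

int main(void)
{
    printf("demo: %d\n", demo());
    return 0;
}
```

The release path needs the same guard as the acquire path: a helper started with a NULL owner must also be reaped without touching a reference count.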