gpgsm: Cert trouble GPG_ERR_NO_VALUE for GTE CyberTrust Global Root

Bernhard Reiter bernhard at
Fri Apr 3 13:21:27 CEST 2009

Am Donnerstag, 2. April 2009 14:28:20 schrieb Bernhard Reiter:
> Something is wrong with
> CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE
> Corporation,C=US,serial#: 01A5
> gpgsm 2.0.11 can import, but not use it.
> The GPG_ERR_NO_VALUE is not conclusive.
> What is going on?

Looks like some check in gpg-agent rejects that certificate.
gpg-agent[4432.8] DBG: <- ISTRUSTED 97817950D81C9670CC34D809CF794431367EF474
gpg-agent[4432.8] DBG: -> ERR 67108962 Nicht vertrauenswürdig <GPG Agent>
gpgsm: can't encrypt to `GTE': No value

Some user reported that "relax" for the trustlist.txt might help, I am going 
to test this next. Already the documentation for what relax does is a bit 
fuzzy on this and so is the status message. "Not trusted, failing check" 
would be much better.  Shall I open an issue for this already?

Note that there are a lot of SMIME users with this certificate around, 
though it certainly is not the best certificate someone could get.

> See the following session:
>   rm -r dot.gnupg/
>   mkdir dot.gnupg
>   LANGUAGE=C GPGHOME=dot.gnupg gpgsm --no-common-certs-import --list-keys

Typo in the script should have been GNUPGHOME of course (I did set it in the 
environement before this is why my typo still gave me the right behaviour.. 
sorry for the potential confusion.)


Managing Director - Owner:       (Free Software Company)
Germany Coordinator: Coordinator:
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Gnupg-devel mailing list