gpgsm: Cert trouble GPG_ERR_NO_VALUE for GTE CyberTrust Global Root
Bernhard Reiter
bernhard at intevation.de
Fri Apr 3 13:21:27 CEST 2009
Am Donnerstag, 2. April 2009 14:28:20 schrieb Bernhard Reiter:
> Something is wrong with
> CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE
> Corporation,C=US,serial#: 01A5
> http://www.telesec.de/service/GTE-CyberTrust-Global-Root.der
>
> gpgsm 2.0.11 can import, but not use it.
> The GPG_ERR_NO_VALUE is not conclusive.
> What is going on?
Looks like some check in gpg-agent rejects that certificate.
gpg-agent[4432.8] DBG: <- ISTRUSTED 97817950D81C9670CC34D809CF794431367EF474
gpg-agent[4432.8] DBG: -> ERR 67108962 Nicht vertrauenswürdig <GPG Agent>
gpgsm: can't encrypt to `GTE': No value
Some user reported that "relax" for the trustlist.txt might help, I am going
to test this next. Already the documentation for what relax does is a bit
fuzzy on this and so is the status message. "Not trusted, failing check"
would be much better. Shall I open an issue for this already?
Note that there are a lot of SMIME users with this certificate around,
though it certainly is not the best certificate someone could get.
> See the following session:
>
> rm -r dot.gnupg/
> mkdir dot.gnupg
> LANGUAGE=C GPGHOME=dot.gnupg gpgsm --no-common-certs-import --list-keys
Typo in the script should have been GNUPGHOME of course (I did set it in the
environement before this is why my typo still gave me the right behaviour..
sorry for the potential confusion.)
Bernhard
--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Gnupg-devel
mailing list