gpgsm: Cert trouble GPG_ERR_NO_VALUE for GTE CyberTrust Global Root
bernhard at intevation.de
Fri Apr 3 15:43:29 CEST 2009
Am Freitag, 3. April 2009 14:20:10 schrieb Werner Koch:
> On Thu, 2 Apr 2009 14:28, bernhard at intevation.de said:
> > Something is wrong with
> > CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE
> > Corporation,C=US,serial#: 01A5
> > http://www.telesec.de/service/GTE-CyberTrust-Global-Root.der
> > gpgsm 2.0.11 can import, but not use it.
> > The GPG_ERR_NO_VALUE is not conclusive.
> > What is going on?
> Here are the reasons for this error code:
> GPG_ERR_NO_VALUE No value
> GNUPG: - A timestamp value is expect but there is none.
> KSBA: - A timestamp value is expect but there is none.
> - A certificate is missing a required property.
> - A CMS object is missing a required property.
> - Converting a Distinguised Name to an RFC2253 string failed.
> I doubt that this will help you. I'll check the certificate.
Thanks for the responses, yes, they do help me.
The certificate came out of a real use case and eat up time from real users.
The message "No value" is not enough for them and not for their supporting
administrators to get the idea that the certificate is to blame
(as compared to other setting, e.g. validation and so on).
So even if the result would be as simple as "Certificate failing basic
consistency checks" this would be very helpful. Then they could look up the
documentation which could potentially read like
The CMS implementation does a number of basic consistency checks
before using a certificate. For 2.0.11 these checks for instance are about
a) certificate length > X years
b) no use of MD5
The exact check parameters are subject to change for each version, if your
certificate fails you should consult an expert. If you are the expert,
check the source code or user ./cert-basic from libksba/tests
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Gnupg-devel