gpgsm: Cert trouble GPG_ERR_NO_VALUE for GTE CyberTrust Global Root

Bernhard Reiter bernhard at intevation.de
Fri Apr 3 15:43:29 CEST 2009 

Am Freitag, 3. April 2009 14:20:10 schrieb Werner Koch:
> On Thu,  2 Apr 2009 14:28, bernhard at intevation.de said:
> > Something is wrong with
> > CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE
> > Corporation,C=US,serial#: 01A5
> > http://www.telesec.de/service/GTE-CyberTrust-Global-Root.der
> >
> > gpgsm 2.0.11 can import, but not use it.
> > The GPG_ERR_NO_VALUE is not conclusive.
> > What is going on?
>
> Here are the reasons for this error code:
>
> GPG_ERR_NO_VALUE                No value
>
>     GNUPG:  - A timestamp value is expect but there is none.
>     KSBA:   - A timestamp value is expect but there is none.
>             - A certificate is missing a required property.
>             - A CMS object is missing a required property.
>             - Converting a Distinguised Name to an RFC2253 string failed.
>
> I doubt that this will help you.  I'll check the certificate.

Thanks for the responses, yes, they do help me.

The certificate came out of a real use case and eat up time from real users.
The message "No value" is not enough for them and not for their supporting 
administrators to get the idea that the certificate is to blame
(as compared to other setting, e.g. validation and so on).

So even if the result would be as simple as "Certificate failing basic 
consistency checks" this would be very helpful. Then they could look up the 
documentation which could potentially read like
  
   The CMS implementation does a number of basic consistency checks
   before using a certificate. For 2.0.11 these checks for instance are about
   a) certificate length > X years
   b) no use of MD5 
   c)..
   The exact check parameters are subject to change for each version, if your
   certificate fails you should consult an expert. If you are the expert, 
   check the source code or user ./cert-basic from  libksba/tests 

Bernhard
-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Gnupg-devel mailing list