gpgsm: Cert trouble GPG_ERR_NO_VALUE for GTE CyberTrust Global Root

Bernhard Reiter bernhard at
Mon Apr 6 09:58:14 CEST 2009

Am Freitag, 3. April 2009 16:17:18 schrieb Werner Koch:
> On Fri,  3 Apr 2009 15:43, bernhard at said:
> > consistency checks" this would be very helpful. Then they could look up
> > the documentation which could potentially read like
> >
> >    The CMS implementation does a number of basic consistency checks
> >    before using a certificate. For 2.0.11 these checks for instance are
> > about a) certificate length > X years
>      [...]
> Basically you want a complete description of every error case in GnuPG.
> That is not going to happenn given the sheer amount of checks we do.

First I want a useful overview message, that states that the problem actually 
is within the internal certificate checks (and not with the chain or the CRLs 
or so).

Having an idea which kind of stuff is checked is a potential other step.

> There is this --audit feature I am working on and if this certain error
> will occur more often, it makes sense to add specific support for this.

Given that I have it twice in real support cases, having a "bad" certificate 
is a common case.

> FWIW, I started to write a list of error code usages in GnuPG et al.
> This will take quite some time to finish but eventualy if provide a
> useful cross reference.

Sounds useful!

Managing Director - Owner:       (Free Software Company)
Germany Coordinator: Coordinator:
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Gnupg-devel mailing list