gpgsm: not checking root certificate

Werner Koch wk at
Tue Jul 27 10:03:51 CEST 2010

On Tue, 27 Jul 2010 09:15, smueller at said:

> I am unsure about your last statement. When we consider --debug-no-chain-
> validation and add the fingerprint to trustlist.txt, then we neither need a 
> code change to gpgsm nor the MD2 hash.

It was meant as

 1) Use --debug-no-chain-validation with --import.  To work with that
    root certificate the fingerprint needs to be put into trustlist.txt;
    but it should be sufficient to do this after the import.


 2) Change the import code to look at the trustlist.txt.  The proposed
    code changes would require that the user enters the fingerprint into
    trustlist.txt before importing.

> All I currently see is adding some information to the gpgsm man page about how 
> to handle root certificates based on MD2.

That might be the easiest way to accomplish it.  Would you mind to test
approach 1)?  I can then add this workaround to the docs.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list