gpgsm: not checking root certificate

Werner Koch wk at gnupg.org
Tue Jul 27 10:03:51 CEST 2010


On Tue, 27 Jul 2010 09:15, smueller at chronox.de said:

> I am unsure about your last statement. When we consider
> --debug-no-chain-validation and add the fingerprint to trustlist.txt, then we
> neither need a code change to gpgsm nor the MD2 hash.

It was meant as

 1) Use --debug-no-chain-validation with --import.  To work with that
    root certificate the fingerprint needs to be put into trustlist.txt;
    but it should be sufficient to do this after the import.

or

 2) Change the import code to look at the trustlist.txt.  The proposed
    code changes would require that the user enters the fingerprint into
    trustlist.txt before importing.


> All I currently see is adding some information to the gpgsm man page about how 
> to handle root certificates based on MD2.

That might be the easiest way to accomplish it.  Would you mind testing
approach 1)?  I can then add this workaround to the docs.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



