gpgsm: not checking root certificate
smueller at chronox.de
Tue Jul 27 10:25:49 CEST 2010
Am Dienstag, 27. Juli 2010, um 10:03:51 schrieb Werner Koch:
> On Tue, 27 Jul 2010 09:15, smueller at chronox.de said:
> > I am unsure about your last statement. When we consider --debug-no-chain-
> > validation and add the fingerprint to trustlist.txt, then we neither need
> > a code change to gpgsm nor the MD2 hash.
> It was meant as
> 1) Use --debug-no-chain-validation with --import. To work with that
> root certificate the fingerprint needs to be put into trustlist.txt;
> but it should be sufficient to do this after the import.
> 2) Change the import code to look at the trustlist.txt. The proposed
> code changes would require that the user enters the fingerprint into
> trustlist.txt before importing.
> > All I currently see is adding some information to the gpgsm man page
> > about how to handle root certificates based on MD2.
> That might be the easiest way to accomplish it. Would you mind to test
> approach 1)? I can then add this workaround to the docs.
Sure, can do that, but give me a bit of time.
| Cui bono? |
More information about the Gnupg-devel