gpgsm: Cannot decrypt with expired certificate for CRL
Rainer Perske
rainer.perske at uni-muenster.de
Mon Mar 25 16:41:01 CET 2019
Hello, everyone,
the problem reported by Jens Lechtenboerger is solved:
In this special case my patch that was added to GnuPG 2.2.2, see
<https://dev.gnupg.org/T1644>, did not help because his keyring
contained only the old, revoked certificate and not the new, unrevoked
one. So my patch could not select the newer certificate.
The specific problem with multiple CA certificates with the same key in
the "old" DFN PKI "Global" hierarchy will disappear on July 9th 23:59
UTC because then the root certificate expires.
The general problem that GnuPG has problems handling multiple
certificates with the same key persists (see T1644) , but fixing this
would require a major effort for a quite rare edge case.
Best greetings
--
Rainer Perske
Abteilung Systembetrieb und Leiter der Zertifizierungsstelle (WWUCA)
Zentrum für Informationsverarbeitung (Universitätsrechenzentrum)
Westfälische Wilhelms-Universität
Zentrum für Informationsverarbeitung
Rainer Perske
Röntgenstraße 7-13
48149 Münster
Tel.: +49 251 83-31582
Fax.: +49 251 83-31555
E-Mail: rainer.perske at uni-muenster.de
WWW: https://www.uni-muenster.de/ZIV/Mitarbeiter/RainerPerske.shtml
Büro: Raum 006, Röntgenstraße 11
Lageplan: http://wwwuv2.uni-muenster.de/uniplan/?action=spot&gebnr=7474
Zertifizierungsstelle der Universität Münster (WWUCA):
Tel.: +49 251 83-31590
Fax.: +49 251 83-31555
E-Mail: ca at uni-muenster.de
WWW: https://www.uni-muenster.de/WWUCA/
Zentrum für Informationsverarbeitung (ZIV):
Tel.: +49 251 83-31600 (Mo-Fr 7:30-17:30 Uhr)
Fax.: +49 251 83-31555
E-Mail: ziv at uni-muenster.de
WWW: https://www.uni-muenster.de/ZIV/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6807 bytes
Desc: S/MIME cryptographic signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190325/e2e9634f/attachment.bin>
More information about the Gnupg-devel
mailing list