gpgsm: Cannot decrypt with expired certificate for CRL
Andre Heinecke
aheinecke at gnupg.org
Tue Mar 26 07:52:02 CET 2019
Hi,
On Monday 25 March 2019 10:42:52 CET Jens Lechtenboerger wrote:
> Yes, CRLs should not be signed with expired certificates. However,
> is the fact that gpgsm prevents me from using my certificate a bug
> or a feature?
For decrypt I would say: It's a bug. You should always be able to decrypt
something for which you have the secret key IMO.
> As workaround I now have disable-crl-checks in my gpgsm.conf.
>
> Should I file a bug report?
Yes please. Ideally with an example certificate chain + test cert attached :-)
Thanks,
Andre
--
GnuPG.com - a brand of g10 Code, the GnuPG experts.
g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.
GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke. Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-2104-4938799
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190326/64d2a408/attachment.sig>
More information about the Gnupg-devel
mailing list