gpgsm: Cannot decrypt with expired certificate for CRL
aheinecke at gnupg.org
Tue Mar 26 07:52:02 CET 2019
On Monday 25 March 2019 10:42:52 CET Jens Lechtenboerger wrote:
> Yes, CRLs should not be signed with expired certificates. However,
> is the fact that gpgsm prevents me from using my certificate a bug
> or a feature?
For decrypt I would say: It's a bug. You should always be able to decrypt
something for which you have the secret key IMO.
> As workaround I now have disable-crl-checks in my gpgsm.conf.
> Should I file a bug report?
Yes please. Ideally with an example certificate chain + test cert attached :-)
GnuPG.com - a brand of g10 Code, the GnuPG experts.
g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.
GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke. Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-2104-4938799
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-devel