CRL checks with gpgsm
timotheus
timotheus at tstotts.net
Fri Jul 27 13:28:27 CEST 2007
Werner Koch <wk at gnupg.org> writes:
> On Fri, 27 Jul 2007 02:45, timotheus at tstotts.net said:
>
>>> What should go into this file? According to other posts, perhaps:
>>> server:port:::o=organization,c=domain
>
>>From the dirmngr manual:
>
Got it.
>
>> The freemail certificate requires that
>> http://crl.thawte.com/ThawtePersonalFreemailCA.crl
>> be fetched and checked. But also,
>> http://crl.thawte.com/ThawtePersonalFreemailIssuingCA.crl
>> must be fetched for the intermediate certificate.
>
> Does the intermediate CA specify this one as a DP? Use gpgsm
> --dump-chain to check.
>
Apparently the root certificate is missing crlDP; and the issuing CA
specifies the crlDP for its parent.... Silly Thawte...
-timotheus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : /pipermail/attachments/20070727/2d370977/attachment.pgp
More information about the Gnupg-users
mailing list