[GPGSM][GPGME] thawte freemail certificates?
smenzel at gmx-gmbh.de
Tue Apr 22 09:24:42 CEST 2008
Am Montag, 21. April 2008 21:18:32 schrieb Ron Rogers Jr.:
> > This mail is signed with one of them vicious Thawte
> > Certificates. Is there a way to have it verified with or
> > without checking CRLs so validity is "valid" and not longer
> > "unknown"?
> The sample checks out fine for me: "Good signature from Thawte
> Freemail Member", using Claws-Mail with gpgme/gpgsm S/MIME
> plugin. Can you verify my S/MIME signature?
Yes, I can, but under the same limitations. When I
activate "disable-crl-checks" it is green, when I don't it's yellow. Same now
with gpgme! I realized yesterday after working on this bugger for 4 days that
I do the validation remote on a different machine, which I forgot and kept
wondering why my local changes had no effect whatsoever ;-) Given that I
wrote that remote daemon and set up this architecture long ago it gives me a
new impression about the meaning of the word irony.
Anyway, i think given the way those thawte certificates are made, the above
behaviour is how it should be: The CRL can't be checked because it's not
specified in the certificate and so the signature is only valid as long as I
trust the certificate and disable CRL checks.
Or am I wrong here?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users