gpgsm certificate validity
Werner Koch
wk at gnupg.org
Tue Aug 23 10:36:23 CEST 2011
On Tue, 23 Aug 2011 09:39, yyy at yyy.id.lv said:
> For some certificates gpgsm asks during import, whether to trust them
> (and if confirmed, add entry to trustlist.txt automatically). Is it
> possible to make gpgsm to ask whether to trust it, for any certificate?
It does that for all proper certificates. We can't handle all kinds of
bogus root certificates; there is a reason why PKIX demands certain
certificate attributes.
Actually we do handle another kind of those certs: For qualified
signatures, some countries issue root certificates which would not pass
the usual checks - thus if such a root certificate is listed in the
qualified.txt file, we do the relaxed checking but OTOH annoy you with
additional prompts.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list