[Aegypten] Bogus messages about certificates?
Ingo Klöcker
kloecker@kde.org
Mon Sep 30 21:11:03 2002
--Boundary-02=_D0Jm9Jywj8zLhRZ
Content-Type: text/plain;
charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline
On Monday 30 September 2002 18:20, Jan-Oliver Wagner wrote:
> On Sat, Sep 28, 2002 at 12:45:46PM +0200, Ingo Kl=F6cker wrote:
> > Then I'm told that the root certificate I want to use for signing
> > expires in 10 days. Huh? In OpenPGP there is no root certificate.
> >
> > Then I'm told that the CA certificate I want to use for signing
> > expires in 10 days. Huh? In OpenPGP there is also no CA
> > certificate.
>
> This is a buggy behaviour. We'll try to fix it.
There are two possible ways to fix this. Either check in KMail if the=20
OpenPGP plugin is used and in this case omit the check of the root and=20
the CA certificate. Or implement the functions
int caCertificateDaysLeftToExpiry( const char* certificate )
and
int rootCertificateDaysLeftToExpiry( const char* certificate )
in gpgmeplug.c and make them return
CRYPTPLUG_CERT_DOES_NEVER_EXPIRE
in case of the OpenPGP plugin.
As you have all kinds of capabilities #defined in gpgme-openpgp.c and=20
gpgme-smime.c you might want to add a GPGMEPLUG_..._ROOT_EXPIRY and a=20
GPGMEPLUG_..._CA_EXPIRY capability which is 1 for S/MIME and 0 for=20
OpenPGP.
Regards,
Ingo
--Boundary-02=_D0Jm9Jywj8zLhRZ
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQA9mJ0DGnR+RTDgudgRAgYFAKCfqh7AG/h7ly6jY3hgKpPiWpipugCfbyro
lvvOMwtKt8O7sZPwue5KSTQ=
=G/GK
-----END PGP SIGNATURE-----
--Boundary-02=_D0Jm9Jywj8zLhRZ--