Attempt to verify Thawte signature
Werner Koch
wk@gnupg.org
Wed Aug 13 09:52:02 2003
On Fri, 4 Jul 2003 23:04:45 +0200, Bernhard Reiter said:
> Saw an email by someone with a Thawte Freemail certificate
> and tried to make it possible to verify it.
> 2003-07-04 23:01:56 [6936] DBG: digest algo: 1.2.840.113549.1.1.4
> 2003-07-04 23:01:56 [6936] DBG: Inquiring CN=Personal Freemail RSA 2000.8.30,OU=Certificate Services,O=Thawte,L=Cape Town,ST=Western Cape,C=ZA
> 2003-07-04 23:01:56 [6936] Error in assuan_inquire(), rc = 3
The problem was a too short buffer in Assuan, so that assuan_inquire
returned with "invaldid value" and did not even call back to gpgsm.
Printing numerical error codes is not the best solution: When I first
looked at it, I assumed that this is an internal dirmngr error and not
an assuan code becuase we have this nice assuan_strerror () ;-)
I fixed that in CVS and it is now possible to load the CRL.
However, we should decide how to go: I have changed dirmngr to work
with the libgcrypt (1.1.42 with the changed API) and I don't think
that it is a good idea to go back to the old Libgcrypt version because
we don't want to support that anymore. There won't be any conflicts
using both Libgcrypt versions on one system. While we are already
changing tyhe requirements for dirmngr I would also like to drop the
source copied Assuan code and make use of the separate static
libassuan which will make it easier for us to maintain the Assuan
code.
If this is okay, I can release a dirmngr 0.5 today.
Salam-Shalom,
Werner
--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org