Next step: now KMail freezes

bsmaillist at skynet.be bsmaillist at skynet.be
Wed Jul 28 18:39:46 CEST 2004 

On Wednesday 28 July 2004 13:03, Werner Koch wrote:
>  gpgsm --list-sig --with-validation
>  C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459

This is my gpgsm.conf file.
"
debug-level basic
agent-program /usr/local/bin/gpg-agent
dirmngr-program /usr/local/bin/dirmngr
#disable-crl-checks
"

I get two different results depending on whether I enable CRL checking (result 
#1) or disable CRL checking (result #2).


What I don't understand is that KMail freezes when CRL checking is disabled 
but the test with "gpgsm --list-sig ... " shows a problem when CRL checking 
enabled.

Here's the result #1 (CRL checking enabled).

"
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
/home/user/.gnupg/pubring.kbx
-----------------------------
Serial number: 01
       Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
      Subject: /CN=Bart Symons/EMail=bart.symons at skynet.be
          aka: bart.symons at skynet.be
     validity: 2004-07-18 22:05:52 through 2006-07-18 22:05:52
     key type: 1024 bit RSA
ext key usage: clientAuth (suggested), emailProtection (suggested)
  fingerprint: C3:70:03:D6:8A:2A:59:2A:1E:8B:14:7E:1C:6A:D9:C6:C7:E1:F4:59
gpgsm: no running dirmngr - starting one
dirmngr[4134]: error opening `/home/user/.gnupg/dirmngr_ldapservers.conf': No 
such file or directory
gpgsm: DBG: connection to dirmngr established
dirmngr[4134]: no CRL available for issuer 
`E03456F86E593E743CAD38F8DCCEC2C08071F46A'
  [checking the CRL failed: Unknown system error]
  [certificate is bad: Unknown system error]
Certified by
Serial number: 00
       Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
      Subject: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
     validity: 2004-07-18 22:04:50 through 2014-07-16 22:04:50
     key type: 2048 bit RSA
 chain length: unlimited
  fingerprint: 4C:8B:25:A5:4F:2D:F6:A5:A4:BC:C4:90:7C:45:A0:81:3F:85:09:F5
gpgsm: DBG: connection to agent established
  [checking the CRL failed: Assuan server fault]
  [certificate is bad: Assuan server fault]
"

Here's the result #2 (CRL checking disabled).

"
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
/home/user/.gnupg/pubring.kbx
-----------------------------
Serial number: 01
       Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
      Subject: /CN=Bart Symons/EMail=bart.symons at skynet.be
          aka: bart.symons at skynet.be
     validity: 2004-07-18 22:05:52 through 2006-07-18 22:05:52
     key type: 1024 bit RSA
ext key usage: clientAuth (suggested), emailProtection (suggested)
  fingerprint: C3:70:03:D6:8A:2A:59:2A:1E:8B:14:7E:1C:6A:D9:C6:C7:E1:F4:59
gpgsm: DBG: connection to agent established
  [certificate is good]
Certified by
Serial number: 00
       Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
      Subject: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
     validity: 2004-07-18 22:04:50 through 2014-07-16 22:04:50
     key type: 2048 bit RSA
 chain length: unlimited
  fingerprint: 4C:8B:25:A5:4F:2D:F6:A5:A4:BC:C4:90:7C:45:A0:81:3F:85:09:F5
  [certificate is good]

secmem usage: 1344/16384 bytes in 2 blocks
"

More information about the Gpa-dev mailing list