GPGSM: Multiple issues reported to KMail
Open, NormalPublic

Description

This is an upstream report about: https://bugs.kde.org/show_bug.cgi?id=385687

Test data:

Test Name | Evaluation | Expected Result | Application result |

CERT_PATH_ALGO_STRENGTH_01|ERROR|INVALID|VALID|

Checks the behaviour of the application when an insecure hash algorithm has been used in the production of the intermediate certificate's signature. This path is not valid, because the hash algorithm is insecure.


CERT_PATH_ALGO_STRENGTH_02|ERROR|INVALID|VALID

Checks the behaviour of the application when an insecure hash algorithm has been used in the production of the target certificate's signature. This path is not valid, because the hash algorithm is insecure.


CERT_PATH_COMMON_05|ERROR|INVALID|n/a|

Checks the behaviour of the application when a certificate has a wrong DER encoding. This path is not valid, because the certificate is not a properly encoded structure.


CERT_PATH_COMMON_08|ERROR|INVALID|VALID

Checks the behaviour of the application when an intermediate certificate has expired (now > notAfter). This path is not valid, because one CA certificate has expired.


CERT_PATH_COMMON_10|ERROR|INVALID|VALID

Checks the behaviour of the application when the target certificate has expired (now > notAfter). This path is not valid, because the target certificate has expired.


CERT_PATH_COMMON_13|ERROR|VALID|INVALID

Checks the behaviour of the application when a self-issued certificate is found in the path. This path is not invalid, because self-issued certificates are allowed in the path and processing rules have been specified.


CERT_PATH_EMAIL_04|ERROR|INVALID|VALID

Checks the behaviour of an email client when the target certificate specifies an EKU other than emailProtection or anyExtendedKeyUsage. This path is invalid. When this extension is present, then it must contain one of those two values.


Next steps:
Look into the various issues through GPGME / command line and split this up into multiple tasks.