Page MenuHome GnuPG
Create Task
Maniphest T6353

gpgme: add option to disable S/MIME CRL checks
Closed, ResolvedPublic
Actions

Description

It may sometimes be necessary to run gpgsm with CRL checks being disabled, e.g. in an isolated (no network) environment. Whilst this is trivial when running gpgsm interactively using the --disable-crl-check argument, I did not find an option to achieve this easily using gpgme. I know that I could add the option to gpgsm.conf, but this would of course affect all gpgsm operations which may not be intended.

I therefore suggest to extend the gpgme_set_ctx_flag() api to accept the options enable-crl-check and disable-crl-check which shall be ignored (or raise an error) for gpg contexts, and passes the respective option to gpgsm.

Event Timeline

albrechtd created this task.Jan 23 2023, 9:08 AM
werner added a project: gpgme.Jan 31 2023, 10:01 AM
ikloecker added a subscriber: ikloecker.Jan 31 2023, 12:05 PM

If you want this to happen, then you should consider contributing a patch. Please see doc/HACKING for the formal requirements.

aheinecke closed this task as Resolved.Feb 22 2023, 1:14 PM
aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

Oh sorry I only saw this now. We have "gpgme_set_offline" for this use case which disables CRL checks in the S/MIME case. It is more general because it also disables OCSP for example and might disable more online actions like fetching chain certificates etc.

This is used for example by Kleopatra to do Keylistings without CRL checks.