Page MenuHome GnuPG

gpgme: add option to disable S/MIME CRL checks
Closed, ResolvedPublic


It may sometimes be necessary to run gpgsm with CRL checks being disabled, e.g. in an isolated (no network) environment. Whilst this is trivial when running gpgsm interactively using the --disable-crl-check argument, I did not find an option to achieve this easily using gpgme. I know that I could add the option to gpgsm.conf, but this would of course affect all gpgsm operations which may not be intended.

I therefore suggest to extend the gpgme_set_ctx_flag() api to accept the options enable-crl-check and disable-crl-check which shall be ignored (or raise an error) for gpg contexts, and passes the respective option to gpgsm.

Event Timeline

If you want this to happen, then you should consider contributing a patch. Please see doc/HACKING for the formal requirements.

aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

Oh sorry I only saw this now. We have "gpgme_set_offline" for this use case which disables CRL checks in the S/MIME case. It is more general because it also disables OCSP for example and might disable more online actions like fetching chain certificates etc.

This is used for example by Kleopatra to do Keylistings without CRL checks.