Page MenuHome GnuPG
Create Task
Maniphest T6807

Kleo shows 3 certs in a chain while there are only two
Testing, NormalPublic
Actions

Description

If you list a certificate which is a direct descendant of the root certificate the certificate view in kleopatra shows:

-> root
    -> root
         -> cert

thus the root is inserted in the view twice. I added a test option to gpgme's run-keylist which uses the correct algorithm starting at cert:

next_cert: 
/* List the certificate and save the chain_id. */
[...]

if (chain_id && *chain_id
    && (!last_chain_id || strcmp (last_chain_id, chain_id)))
  {
    if (++with_chain > 30)
      {
        fprintf (stderr, PGM ": certificate chain too long - circle?\n");
        exit (1);
      }

    free (last_chain_id);
    last_chain_id = xstrdup (chain_id);
    err = gpgme_op_keylist_start (ctx, chain_id, 0);
    fail_if_err (err);
    goto next_cert;
  }

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEO6b5726c3f541 Don't list the root of a two certificate chain twice

Related Objects

Event Timeline

werner triaged this task as Normal priority.Nov 10 2023, 10:04 AM
werner created this task.
ikloecker claimed this task.Dec 4 2023, 4:21 PM
ikloecker added a subscriber: ikloecker.

Which certificate list? The list in the main view? Or the certificate list of a smart card?

In the certificate list in the main view I see "Berta Boss" and "Edward.Tester" immediately below "g10 Code TEST CA 2019".

Wait in the Trust Chain Details the root is listed twice. Did you mean this certificate list?

ikloecker added a commit: rLIBKLEO6b5726c3f541: Don't list the root of a two certificate chain twice.Dec 4 2023, 5:03 PM
ikloecker added a comment.Dec 4 2023, 5:05 PM

Fixed. This regression was introduced with the fix for T5697: Kleopatra: Crashes or hangs on circular certificate chains.

ikloecker changed the task status from Open to Testing.Dec 4 2023, 5:06 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.