Page MenuHome GnuPG

Kleo shows 3 certs in a chain while there are only two
Testing, NormalPublic

Description

If you list a certificate which is a direct descendant of the root certificate the certificate view in kleopatra shows:

-> root
    -> root
         -> cert

thus the root is inserted in the view twice. I added a test option to gpgme's run-keylist which uses the correct algorithm starting at cert:

next_cert: 
/* List the certificate and save the chain_id. */
[...]

if (chain_id && *chain_id
    && (!last_chain_id || strcmp (last_chain_id, chain_id)))
  {
    if (++with_chain > 30)
      {
        fprintf (stderr, PGM ": certificate chain too long - circle?\n");
        exit (1);
      }

    free (last_chain_id);
    last_chain_id = xstrdup (chain_id);
    err = gpgme_op_keylist_start (ctx, chain_id, 0);
    fail_if_err (err);
    goto next_cert;
  }

Event Timeline

werner created this task.
ikloecker mentioned this in Unknown Object (Event).Nov 13 2023, 9:10 AM
ikloecker mentioned this in Unknown Object (Event).Nov 20 2023, 8:43 AM
ikloecker mentioned this in Unknown Object (Event).Dec 4 2023, 9:19 AM
ikloecker added a subscriber: ikloecker.

Which certificate list? The list in the main view? Or the certificate list of a smart card?

In the certificate list in the main view I see "Berta Boss" and "Edward.Tester" immediately below "g10 Code TEST CA 2019".

Wait in the Trust Chain Details the root is listed twice. Did you mean this certificate list?

ikloecker changed the task status from Open to Testing.Dec 4 2023, 5:06 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker mentioned this in Unknown Object (Event).Dec 11 2023, 8:57 AM