Page MenuHome GnuPG
Create Task
Maniphest T719

gpgsm confuses cert with issuer cert
Closed, ResolvedPublic
Actions

Description

This is weird. GPGSM seems to confuse a cert with an issuer cert.

The following two certificates have been created with openssl and the demo
snakeoil CA. Both certificates seem to be valid. But when importing the
floppy-bad.crt *before* importing the issuer certificate, all future
gpgsm_basic_cert_check() operations on certificates signed by this CA fail,
because GPGSM uses the floppy-bad.crt public key to verify the signature,
instead of the issuer public key (even if the issuer public key is imported, as
long as it is imported after floppy-bad.crt).

Details

Version
SVN 2006-11-07

Event Timeline

marcus added projects: libksba, Bug Report.Nov 7 2006, 6:33 PM
marcus set Version to SVN 2006-11-07.
marcus added subscribers: marcus, werner.
marcus added a comment.Nov 7 2006, 7:08 PM

98_gpgsm-floppy-test.tgz8 KBDownload

werner added a comment.Nov 15 2006, 9:12 AM

The problem is due to an incosnsistent CA. Running with --debug 1 will give
more clues on this. Solved by direct discussion, thus closing.

werner closed this task as Resolved.Nov 15 2006, 9:12 AM