Page MenuHome GnuPG
Create Task
Maniphest T7349

Kleopatra: inconsistent behavior of "Trust root certificate"
Testing, NormalPublic
Actions

Description

When you import a X.509 root certificate a dialog opens asking if you wants to trust the CA and it's fingerprint is shown for comparison.
(This only happens for the first import of such a certificate, deletion and re-import does not work.)

But when you abort that action and don't mark the certificate as trusted you can then do right-click -> "Trust root certificate" and the certificate is marked as trusted immediately. No dialog is opened and no fingerprint is shown.

This is inconsistent. The right-click action should behave the same as the dialog on import.

Details

Version
gpg4win-Beta-64

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEOe101d8851f8f Add function returning the list of attributes of a DN
rKLEOPATRA Kleopatra
rKLEOPATRA01c7c60aad7a Ask the same questions as gpgsm when (dis)trusting root certificates
rKLEOPATRA16f955696a37 Remove unnecessary constructors and member functions

Related Objects

Event Timeline

ebo created this task.Thu, Oct 24, 3:09 PM
werner added a subscriber: werner.Thu, Oct 24, 3:59 PM

iirc, Kleopatra modifies the trustlist.txt on its own. The import case is handled by gpgsm which pops up boths dialogs.
Kleopatra should also not offer to add a root CA if gpg-agent's mark-trusted feature has been disabled.

(the trustlist.txt is independent of the certificate because gpgsm migh retrieve the cert from other places)

ikloecker added a comment.Fri, Oct 25, 9:41 AM
In T7349#192860, @werner wrote:

Kleopatra should also not offer to add a root CA if gpg-agent's mark-trusted feature has been disabled.

I have added T7350: Kleopatra: Don't offer "Trust root certificate" if users are not allowed to do this to fix this.

ikloecker added a comment.Fri, Oct 25, 10:11 AM

I just saw that gpg-agent has a MARKTRUSTED command which takes care of asking the question and of modifying the trustlist.txt. I guess it makes sense that Kleopatra uses this command for the "Trust root certificate" action.

Using it also for the "Distrust root certificate" action could be a bit confusing because the user is asked the same question "Do you ultimately trust FINGERPRINT to correctly certify user certificates?" and needs to answer "No" to mark the root certificate as not trusted. This could be made more user friendly by extending the MARKTRUSTED command to support an additional flag value (e.g. '!' or some letter other than P and S) which would then make the agent ask the user if they want to distrust the certificate.

ebo triaged this task as Normal priority.Fri, Oct 25, 4:28 PM
ebo added a project: gpd5x.
ikloecker claimed this task.Mon, Oct 28, 10:38 AM
ikloecker moved this task from Backlog to WIP on the gpd5x board.
ikloecker added a commit: rLIBKLEOe101d8851f8f: Add function returning the list of attributes of a DN.Tue, Oct 29, 3:13 PM
ikloecker added a commit: rKLEOPATRA16f955696a37: Remove unnecessary constructors and member functions.Tue, Oct 29, 3:25 PM
ikloecker added a commit: rKLEOPATRA01c7c60aad7a: Ask the same questions as gpgsm when (dis)trusting root certificates.
ikloecker changed the task status from Open to Testing.Tue, Oct 29, 4:39 PM

Fixed.

Kleopatra now asks the same questions as the GnuPG backend. The choices the user can make are a bit different because the user already told Kleopatra that they want to trust (or distrust) a root certificate. Therefore, the first dialog only has "Yes" and "Cancel". And the fingerprint dialog (which is only shown for Trust but not for Distrust) only has "Correct" and "Wrong". Another difference is that in GnuPG clicking "Wrong" makes GnuPG mark the certificate as untrusted (which is a bit surprising). In Kleopatra the certificate is left unchanged if the user selects "Wrong".