Page MenuHome GnuPG
Create Task
Maniphest T8187

Kleopatra: File encryption with invalid S/MIME certificate hangs indefinitely
Testing, NormalPublic
Actions

Description

To reproduce:

  1. In registry set:
    • AllowMarkTrusted = 1
    • DisableUserTrustlist = 0
  2. Add the following S/MIME certs (CA, cert with invalid crtDP url) and trust the CA cert:

    ca.pem2 KBDownload
    alice-brokenCrlDP.p124 KBDownload
  1. Don't open the cert details, as this will invalidate it (a restart of Kleopatra will reset this)
  2. Encrypt a file with alice's cert, e.g. test.pdf
    • The process hangs indefinitely
    • An empty temporary file test.pdf.p7m.tOEaOE is created next to test.pdf

gpgsm.log

gpgsm.log27 KBDownload

gpgme.log

gpgme.log386 KBDownload

Details

Version
vsd-3.3.6.1 @ win10

Revisions and Commits

rW Gpg4win
rW51e1943cd1d1 Add gpgme patch which fixes a regression caused by the other patches
rM GPGME
rM775e1eb923fa gpgsm: Read all pending lines before waiting for more data

Related Objects

Event Timeline

timegrid triaged this task as Normal priority.Tue, Mar 24, 11:38 AM
timegrid created this task.
timegrid created this object with edit policy "Contributor (Project)".
timegrid mentioned this in T6702: Kleopatra: Use GPGME_ENCRYPT_ALWAYS_TRUST.
ikloecker claimed this task.Tue, Mar 24, 2:28 PM
ikloecker moved this task from Backlog to WIP on the gpd5x board.
ikloecker added a project: gpgme.Tue, Mar 24, 3:44 PM

This is a bug in gpgme. gpgsm_assuan_simple_command only reads a single line before waiting for more data although there is a second line (ERR ...) ready to be read. gpgsm never sends more data because it has already sent its full answer. So gpgme waits forever.

ikloecker moved this task from Backlog to WIP on the vsd34 board.Tue, Mar 24, 4:07 PM

Fixed. For VSD 3.4 this will also be fixed if gpgme is updated.

ikloecker moved this task from Backlog to QA for next release on the gpgme board.Tue, Mar 24, 4:07 PM
ikloecker added a commit: rM775e1eb923fa: gpgsm: Read all pending lines before waiting for more data.Tue, Mar 24, 4:19 PM
ikloecker added a comment.Tue, Mar 24, 4:25 PM

This is a regression that was introduced with T7759: Kleopatra: Notepad encryption with S/MIME fails.

ikloecker added a commit: rW51e1943cd1d1: Add gpgme patch which fixes a regression caused by the other patches.Tue, Mar 24, 4:34 PM
ikloecker added a project: vsd33.Tue, Mar 24, 4:36 PM

I have added the fix as patch for VSD 3.3 because the commits that introduced this regression were also added as patches for VSD 3.3.

ikloecker moved this task from Backlog to WiP on the vsd33 board.Tue, Mar 24, 4:36 PM
ikloecker changed the task status from Open to Testing.Tue, Mar 24, 4:47 PM