gpgsm: Verifying a signature with an expired certificate does not show information about the signature
Testing, Normal, Public

Assigned To
None
Authored By
pl13
Mon, Jun 1, 5:02 PM

Description

When verifying a file with a detached signature, information about the signature is not shown if the certificate of the signer is expired.

Output:

gpgsm --verify test.sig test.data 

gpgsm: Signature made [date not given]
gpgsm:                using nistp256 key 60ECCA6D9073C8F8164318AADF3634E266A25385
gpgsm: certificate has expired
gpgsm:   (expired at 2025-12-31 00:00:00)
gpgsm: invalid certification chain: Certificate expired

Expected output:

gpgsm --verify test.sig test.data 

gpgsm: Signature made [date not given]
gpgsm:                using nistp256 key 60ECCA6D9073C8F8164318AADF3634E266A25385
gpgsm: certificate has expired
gpgsm:   (expired at 2025-12-31 00:00:00)
gpgsm: Good signature from "/CN=Koch, Werner/C=DE/SerialNumber=4/GN=Werner/SN=Koch"
gpgsm:                 aka "werner.koch@g10code.com"

This regression was introduced by rGfa1ac5c23d16: gpgsm: add a certificate chain check for de-vs compliance in GnuPG 2.5.19 and 2.2.54. (T8188)

Details

Version
2.2.54 / 2.5.19

Event Timeline

Mon, Jun 1, 5:02 PM: pl13 triaged this task as Normal priority.
pl13 created this task.
Tue, Jun 2, 11:48 AM: pl13 changed the task status from Open to Testing.
pl13 updated the task description.
pl13 changed the edit policy from "All Users" to "Contributor (Project)".
pl13 edited projects, added vsd34, gnupg22; removed gnupg22 (gnupg-2.2.54), vsd33 (vsd-3.3.7), vsd.
pl13 set Version to 2.2.54 / 2.5.19.
pl13 moved this task from Backlog to WIP on the gnupg26 board.