In T5744#153233, @alexnadtoka wrote:And --keyserver-options check-cert is removed from new gpg versions (((
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Dec 23 2021
Dec 23 2021
@ikloecker yes sorry ok
@bernard Right sorry. I have sent request to mailing lists
@alexnadtoka, please stop adding the same information to two different issues. Let's use T5744: Issue with connecting to GPG server for any further comments.
ikloecker committed rKLEOPATRA46e169403327: Notify user if keyservers return results without fingerprints (authored by ikloecker).
Notify user if keyservers return results without fingerprints
ikloecker committed rKLEOPATRAce5936a06116: Create UI of Lookup Certificates dialog in code (authored by ikloecker).
Create UI of Lookup Certificates dialog in code
ikloecker committed rKLEOPATRAcea56e0146a1: Explicitly ignore keys without user IDs and notify the user (authored by ikloecker).
Explicitly ignore keys without user IDs and notify the user
@alexnadtoka wrote:
both versions had issues(( and send two requests to RU and EN comunity . No answer for two days already
@bernhard yeah thank you. both versions had issues(( and send two requests to RU and EN comunity . No answer for two days already
The log clearlys says certificate is expired(( but it is not at least for keyserver... May be it is reffering to gpg key... I dont know... but it is not expired either. Probably I am missing something. Will try to contact community again.
Here is log in english
@alexnadtoka When using Gpg4win-4.0.0 or 3.3.16 with an updated GnuPG the validation of dirmngr works fine with the Let's encrypt certificates again. If you have one of these versions, and you still have problems, you need to be more specific about which connection you are referring to.
Maybe it is best to ask on one of community channels (e.g. the gnupg-users mailinglist, see https://gnupg.org/documentation/mailing-lists.html )
faq: Fix a link
The odds for this case are infinitesimal so this should not have high priority. I consider this only a code-is-as-specified thing.
Laurent Montel <montel@kde.org> committed rKLEOPATRAe226b9208399: GIT_SILENT: it's enabled by default too in qt6 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: it's enabled by default too in qt6
Do you have a ballpark figure for the install base (not including variants such as debian with modified defaults)? That might help us decide what counts as "overloading".
Dec 22 2021
Dec 22 2021
The problem is just that there are not that much keyservers left and thus I added those running by large organisations. I really don't want to overload your servers. I would also trust nlnet more than canoncial which is why I started with them.
Its all a mess. Maybe no keyserver should be the default.
Improve next-steps
And --keyserver-options check-cert is removed from new gpg versions (((
@werner can you show me tutorial for proper bug submit? I think it is a bug and gpg client on Windows does not support valid LetsEncrypt certificates on keyserver. It does not work with any keys server . Tested few public keyservers as well. ((
ikloecker changed the status of T5713: Kleopatra: PKCS#12 Import no Error on bad passphrase from Open to Testing.
(q)gpgme now tries to detect a failed import caused by a bad passphrase and emits a bad passphrase error in this case. Kleopatra then shows a "Bad passphrase" error instead of an "Invalid object" error.
ikloecker added a comment to T5725: Kleopatra: Certificate lookup shows only one result even if there are 100s matches.
We decided to notify the user if the keyserver doesn't return fingerprints. The fingerprints are needed by Kleopatra as unique identifier for keys. Trying to make key lookup work without fingerprints isn't useful.
ikloecker committed rKLEOPATRAf95f92e5b7f1: Do not treat canceled imports as failed (authored by ikloecker).
Do not treat canceled imports as failed
ikloecker committed rM300776f39165: cpp: Check fpr of import status for NULL (authored by ikloecker).
cpp: Check fpr of import status for NULL
ikloecker committed rMf99451e20fd2: qt,tests: Add test runner for testing the import job (authored by ikloecker).
qt,tests: Add test runner for testing the import job
ikloecker committed rM305d8668ca72: core: Detect bad passphrase error on certificate import (authored by ikloecker).
core: Detect bad passphrase error on certificate import
ikloecker committed rM82f43455e941: qt: Detect an import error caused by a wrong password (authored by ikloecker).
qt: Detect an import error caused by a wrong password
• werner added a project to T5750: GpgOL links to an FSF page for "Unsicher GpgOL": Restricted Project.
• gniibe updated the task description for T5749: Ed25519: Signature (R,S), where S=0 is possible for EdDSA.
Please see https://gnupg.org
• gniibe committed rPac338b99fd63: build: Fix configure.ac for newer autoconf/automake. (authored by • gniibe).
build: Fix configure.ac for newer autoconf/automake.
build: Remove unused old m4 files.
• gniibe committed rPTHe73ae33adfbc: build: Remove unused m4/sys_socket_h.m4. (authored by • gniibe).
build: Remove unused m4/sys_socket_h.m4.
posix: Add npth_poll/npth_ppoll.
build: Recover and update *.m4.
build: Update for newer autoconf.
build: Update for newer autoconf.
build: Remove obsolete m4 files.
build: Update for newer autoconf.
build: Update for newer autoconf.
build: Update for newer autoconf.
build: Update for newer autoconf.
Dec 21 2021
Dec 21 2021
Laurent Montel <montel@kde.org> committed rKLEOPATRA439028ce08cd: GIT_SILENT: AA_EnableHighDpiScaling is by default in qt6 now (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: AA_EnableHighDpiScaling is by default in qt6 now
FWIW, We have a similar mechanism for the secure memory
That is a security feature of WIndows. We can't do much about it except for bad hacks. Checkout Kleopatra to see how you can improve this.
Fix mistakes in version-4 update
We talked today about the renaming the current "linux" entropy module to "oldlinux" would make sense.
ikloecker changed the status of T5745: Kleopatra: Card holder name is not correctly decoded from Open to Testing.
jukivili committed rC7205c715b3e0: AES-GCM: Bulk implementation of AES-GCM acceleration for ppc64le (authored by dannytsen).
AES-GCM: Bulk implementation of AES-GCM acceleration for ppc64le
Register DCO for Danny Tsen
jukivili committed rC3b9f746c2fb1: cipher: Fix SM3 avx/bmi2 compilation error (authored by Tianjia Zhang <tianjia.zhang@linux.alibaba.com>).
cipher: Fix SM3 avx/bmi2 compilation error
Ok, I'll add.
appimage: Dist rsync-filters
• aheinecke committed rW05ad5b672eb0: Change inmenulogo back to version with whatsnew (authored by • aheinecke).
Change inmenulogo back to version with whatsnew
Improve version4 announcement (EN)
web: Prepare gpg4win-4.0 page
• aheinecke committed rW3b54a19fa542: Add english variant of updated version4 page (authored by • aheinecke).
Add english variant of updated version4 page
ikloecker committed rKLEOPATRA367ca863d20d: Do not crash if primary fingerprint is nullptr (authored by ikloecker).
Do not crash if primary fingerprint is nullptr
ikloecker committed rKLEOPATRA235335a14e06: Unescape space characters in the display name (authored by ikloecker).
Unescape space characters in the display name
@alexnadtoka, did you do what Werner wrote in T5639#150626?
Saturneric updated the task description for T5746: Pinetry always loses focus after popping up under Windows.
Improve v4 announcement
Saturneric added a comment to T5712: Yubikey 5 NFC only recognized immediately after it is inserted.
Recently, I have encountered many problems in adapting the graphical interface interaction between Yubikey and gnupg. I am thinking about why some settings need to be manually added to some additional settings. I found that there are many such solutions on the Internet. Is there any way that scdaemon can automatically recognize these situations and add appropriate settings.
Update NEWS and READMEs for 4.0
• aheinecke committed rWb272f588cd76: appimage: Fixup rpath also for 2.3 libexec bins (authored by • aheinecke).
appimage: Fixup rpath also for 2.3 libexec bins
Update gnupg in packages.4
• werner edited projects for T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG, added: gnupg (gpg23), Bug Report; removed gnupg (gpg22).
Things are not that easy. I actually introduced a bug in 2.3.4. Here is a comment from my working copy:
@werner Thank you for the answer. Please advise mailing list address.
For support please use the mailing list and not the bug tracker.
Seen. @jukivili can you please add it to the AUTHORS file?
GNUpg version 2.3.4 was installed but did not help
Is there a way to ignore SSL check during connection? This might work. We have internal server for our users only.
Guys I am facing similar issue but my Lets ecnrypt certificates are all ok. What is the problem with my gpg4win client? When connecting to openpgp server it says certificate is expired. Anybody can help me?
po: Update Japanese Translation.
agent: Fix comment for .po generation.
• gniibe committed rDe2b04c5b8a7d: security: Address our stance for libgcrypt Threat Model. (authored by • gniibe).
security: Address our stance for libgcrypt Threat Model.
• gniibe edited projects for T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG, added: gnupg (gpg22); removed gnupg.
Dec 20 2021
Dec 20 2021
• werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000468.html on T5654: Release GnuPG 2.3.4.
swdb: GnuPG 2.3.4
po: auto update
Post release updates.
Release 2.3.4
• werner committed rG610528725290: gpg: Correctly set the ownertrust for a new key. (authored by • werner).
gpg: Correctly set the ownertrust for a new key.
po: Update German translation
We can even remove the hexfingerrprint call. Will go into 2.3.4. Thanks.
• werner committed rGafe5fcda52e8: gpg: Add unfinished code for --export-secret-ssh-key. (authored by • werner).
gpg: Add unfinished code for --export-secret-ssh-key.
wkd: Don't beg for donations