Feed Advanced Search

Mon, Nov 11

aheinecke added a commit to T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients: rOb05416e7bc41: Restore S/MIME class after close.
Mon, Nov 11, 4:06 PM · g10code, S/MIME, gpg4win, gpgol

Thu, Nov 7

werner lowered the priority of T4696: Fresh certificate get's pulled into certificate chain with expired root certificate from High to Normal.
Thu, Nov 7, 3:18 PM · gnupg (gpg22), S/MIME, Bug Report

Oct 4 2019

aheinecke moved T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients from Backlog to In Progress on the g10code board.
Oct 4 2019, 4:34 PM · g10code, S/MIME, gpg4win, gpgol
aheinecke added a project to T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients: g10code.
Oct 4 2019, 4:31 PM · g10code, S/MIME, gpg4win, gpgol
aheinecke added a commit to T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients: rOee6c1cb59204: Restore msg class for S/MIME after move.
Oct 4 2019, 4:19 PM · g10code, S/MIME, gpg4win, gpgol
aheinecke renamed T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients from GpgOL: Moved S/MIME mails with attachments can no longer be read by other clients to GpgOL: Moved S/MIME mails can no longer be read by other clients.
Oct 4 2019, 4:14 PM · g10code, S/MIME, gpg4win, gpgol

Sep 9 2019

aheinecke claimed T4699: X.509 certificate request more comfortable.

I give this normal priority even if it is a whish because I have the same whish and already have some code around that would make it more comfortable, especially if it is used directly in GpgOL.

Sep 9 2019, 11:26 AM · kleopatra, S/MIME, gpg4win, Feature Request
werner added projects to T4699: X.509 certificate request more comfortable: gpg4win, S/MIME.
Sep 9 2019, 7:40 AM · kleopatra, S/MIME, gpg4win, Feature Request

Sep 5 2019

werner triaged T4696: Fresh certificate get's pulled into certificate chain with expired root certificate as High priority.

Thanks for the sample certs. I noticed the posts but had not the time to look into them.

Sep 5 2019, 3:56 PM · gnupg (gpg22), S/MIME, Bug Report

Aug 22 2019

gniibe added a comment to T4480: GPGSM: Duplicated IMPORT_OK status lines emitted.

It appears (for me) correct behavior.

Aug 22 2019, 3:52 AM · S/MIME

Jul 5 2019

aheinecke closed T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes as Resolved.

Works for me! :-)

Jul 5 2019, 9:44 AM · S/MIME, gnupg
aheinecke merged T3928: canceling password dialog for decrypting is not recognized correctling. into T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes.
Jul 5 2019, 9:33 AM · S/MIME, gnupg
gniibe added a commit to T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes: rG38b9da7de335: sm: Return the last error for pubkey decryption..
Jul 5 2019, 8:53 AM · S/MIME, gnupg
gniibe added a commit to T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes: rG6cc4119ec03b: gpg: Return the last error for pubkey decryption..
Jul 5 2019, 8:18 AM · S/MIME, gnupg

Jun 13 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

I have a larger change for the wait code in the works. This will go into 1.14.0 but not in 1.13.1

Jun 13 2019, 9:06 AM · S/MIME, gpgme

Jun 7 2019

aheinecke created T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes.
Jun 7 2019, 9:56 AM · S/MIME, gnupg

Jun 6 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

I had to patch strace to follow threads but not forks (P8) and then when built with support for -k I tracked it down: In the inbound handler we close the fd immediately on EOF. However the upper layers don't know about it and a select fails with EBADF. Of course we could ignore the EBADF, figure out the closed fd and restart. The problem is that another thread may have opened a new oobject and that will get the last closed fd assigned - bummer.

Jun 6 2019, 5:08 PM · S/MIME, gpgme
aheinecke added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

Just noticed that due to me failing to properly understand re-entrant locks the run-thread test is broken at least on windows in that it never waits for completion. So running out of filedescriptors is to expect. I'll fix the test.

Jun 6 2019, 9:44 AM · S/MIME, gpgme
aheinecke added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

My observation from running the verify threaded test on windows is that it does behave differently. The EBADF does not occur.

Jun 6 2019, 8:51 AM · S/MIME, gpgme

Jun 5 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

Something(tm) closes an arbitrary file descriptor behind our back. Not easy to track down because strace can not trace only threads - it always wants to trace all children as well - which is a bit too much and leads to other problems.

Jun 5 2019, 9:03 PM · S/MIME, gpgme
werner raised the priority of T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification from Normal to High.
Jun 5 2019, 9:00 PM · S/MIME, gpgme

Jun 4 2019

werner claimed T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.
Jun 4 2019, 11:42 AM · S/MIME, gpgme
werner moved T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification from Backlog to For next release on the gpgme board.
Jun 4 2019, 11:03 AM · S/MIME, gpgme
werner removed a project from T4379: Invalid crypto engine importing a certificate: gpgme.
Jun 4 2019, 10:17 AM · S/MIME, Bug Report

Jun 3 2019

aheinecke added a commit to T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF: rGTO1c5ebfb3b2bf: Fix BER Error when importing by adding \n.
Jun 3 2019, 6:14 PM · Bug Report, S/MIME
werner added a comment to T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF.

A newline is required by the PEM standard.

Jun 3 2019, 4:37 PM · Bug Report, S/MIME
aheinecke created T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF.
Jun 3 2019, 4:18 PM · Bug Report, S/MIME

May 29 2019

werner added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

Thanks, the mentioned OpenSSL option should be helpful.

May 29 2019, 9:19 AM · S/MIME, gnupg (gpg22), Bug Report
misterzed88 added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

A high level test description is:

  1. Configure both gpgsm and dirmngr to use OCSP.
  2. Import the responder signer certificate with gpgsm --import.
  3. Use a certificate with OCSP responder extension present, or configure a default OCSP responder in dirmngr.
  4. Configure your OCSP responder to identify itself with key ID (and not subject name)
  5. Attempt to sign or verify with gpgsm.
  6. You should get an error, with dirmngr logs showing that the responder signer certificate could not be found.
May 29 2019, 9:11 AM · S/MIME, gnupg (gpg22), Bug Report
misterzed88 added a comment to T4535: gpgsm --sign prints misleading error message when using default key.

Thank you for a quick fix (despite this being a minor problem).

May 29 2019, 8:51 AM · gnupg (gpg22), S/MIME, Bug Report

May 28 2019

aheinecke created T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients.
May 28 2019, 3:10 PM · g10code, S/MIME, gpg4win, gpgol
werner added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

Do you have any test cases? Note that T3966 is due to missing support for SHA-256.

May 28 2019, 12:36 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T3966: Dirmngr: no suitable certificate found to verify the OCSP response as Resolved.
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T3966: Dirmngr: no suitable certificate found to verify the OCSP response: rG5281ecbe3ae8: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP..
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T3966: Dirmngr: no suitable certificate found to verify the OCSP response: rG405f41007c35: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP..
May 28 2019, 12:31 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID: rG4699e294cc9e: dirmngr: Improve finding OCSP cert..
May 28 2019, 12:31 PM · S/MIME, gnupg (gpg22), Bug Report
werner added a comment to T3966: Dirmngr: no suitable certificate found to verify the OCSP response.

We only supported SHA-1 signed OCSP requests. Fix will go into 2.2.16.

May 28 2019, 12:29 PM · gpg4win, dirmngr, S/MIME

May 27 2019

werner triaged T4537: gpgsm support for timestamp signatures as Normal priority.
May 27 2019, 3:58 PM · gnupg (gpg23), S/MIME, Feature Request
werner triaged T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID as Normal priority.
May 27 2019, 3:57 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T4535: gpgsm --sign prints misleading error message when using default key as Resolved.

Thanks to your very good analysis, this was easy to fix.

May 27 2019, 3:49 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4535: gpgsm --sign prints misleading error message when using default key: rG32210e855c46: sm: Avoid confusing diagnostic for the default key..
May 27 2019, 3:49 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4535: gpgsm --sign prints misleading error message when using default key: rG521e7d4644ed: sm: Avoid confusing diagnostic for the default key..
May 27 2019, 3:48 PM · gnupg (gpg22), S/MIME, Bug Report
werner triaged T4535: gpgsm --sign prints misleading error message when using default key as Low priority.
May 27 2019, 3:29 PM · gnupg (gpg22), S/MIME, Bug Report

May 24 2019

werner added a comment to T4538: Support PSS signed CRLs.

Interesting tinge: The main CRL of the dgn.de CA uses a nextUpdate in the year 2034 (15 years in the future) which would force dirmngr to cache the CRL until then. However, the CRL of the intermediate certificate has a nextUpdate only one month in the future. There is currently no entry in that second level CRL, so their idea might be that an updated second level CRL will also trigger a reload of the main CRL. I have not checked how we implement that in Dirmngr but I doubt that such a thing will work for us and that it is in any way standard compliant.

May 24 2019, 11:59 AM · dirmngr, S/MIME, libksba
werner added a subtask for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner removed a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner added a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:08 AM · dirmngr, S/MIME, libksba
werner created T4538: Support PSS signed CRLs.
May 24 2019, 8:58 AM · dirmngr, S/MIME, libksba

May 16 2019

werner added a commit to T4505: SM, W32: GPGSM hangs up the GnuPG System: rG0fff927889b0: kbx: Fix an endless loop under Windows due to an incomplete fix..
May 16 2019, 2:03 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner added a commit to T4505: SM, W32: GPGSM hangs up the GnuPG System: rG6f72aa821407: kbx: Fix deadlock in gpgsm on Windows due to a sharing violation..
May 16 2019, 2:03 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner closed T4505: SM, W32: GPGSM hangs up the GnuPG System as Resolved.
May 16 2019, 2:00 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner added a comment to T4505: SM, W32: GPGSM hangs up the GnuPG System.

That was obvious. rG6fc5df1e10129f3171d80cf731f310b9e8d97c26 fixes this.

May 16 2019, 2:00 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke reopened T4505: SM, W32: GPGSM hangs up the GnuPG System as "Open".

When doing a "gpgsm --with-validation -k foo" (assuming you have a cert foo) gpgsm now goes into a loop and prints the certficates that match "foo" over and over again. I have not tested if it was caused by this change but I think it is likely.

May 16 2019, 1:15 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke removed a subtask for T4505: SM, W32: GPGSM hangs up the GnuPG System: T4509: Release GnuPG 2.2.16.
May 16 2019, 1:12 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke added a subtask for T4505: SM, W32: GPGSM hangs up the GnuPG System: T4509: Release GnuPG 2.2.16.
May 16 2019, 9:50 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke closed T4505: SM, W32: GPGSM hangs up the GnuPG System as Resolved.

I imported 39 certificate files at once with Kleopatra with about 700 certificates and it worked. Took a long time though so It would be nice if Kleopatra would show a progess indicator or some indication that the import is running. But this is a different issue.

May 16 2019, 9:49 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows

May 15 2019

werner edited projects for T4436: gpgsm refuses to encrypt with failure to check CRL, added: gnupg; removed gnupg (gpg22), Bug Report.

Will give you more detailed info about your certificate. For even more details use --dump-chain instead of --list-chain.

May 15 2019, 9:39 AM · gnupg, S/MIME
werner merged T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows into T4505: SM, W32: GPGSM hangs up the GnuPG System.
May 15 2019, 9:22 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner merged task T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows into T4505: SM, W32: GPGSM hangs up the GnuPG System.
May 15 2019, 9:22 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win

May 14 2019

werner added a commit to T4505: SM, W32: GPGSM hangs up the GnuPG System: rG49b236af0ecb: kbx: Fix deadlock in gpgsm on Windows due to a sharing violation..
May 14 2019, 7:07 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner added a commit to T4505: SM, W32: GPGSM hangs up the GnuPG System: rG22e274f839f9: sm: Change keydb code to use the keybox locking..
May 14 2019, 4:52 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke added a comment to T4505: SM, W32: GPGSM hangs up the GnuPG System.

The last lines that the process currently holding wrote in the log:

May 14 2019, 11:30 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke added a comment to T4505: SM, W32: GPGSM hangs up the GnuPG System.

To reproduce this issue I started Kleopatra with an empty GNUPGHOME and imported 10 S/MIME certs at once (which spawns a gpgsm process each) with enabled logging.

May 14 2019, 11:20 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner triaged T4503: include extension for OpenPGP creation timestamp in X.509 output as Normal priority.

Thanks for the hint on the existing OID I already looked into that and planned to use one from the GnuPG arc, But an existing OID is better. I still need to figure useful workflows but something like this will be useful for smartcards..

May 14 2019, 10:42 AM · Feature Request, S/MIME

May 13 2019

aheinecke created T4505: SM, W32: GPGSM hangs up the GnuPG System.
May 13 2019, 9:39 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows

May 12 2019

dkg created T4503: include extension for OpenPGP creation timestamp in X.509 output.
May 12 2019, 1:01 AM · Feature Request, S/MIME

May 3 2019

aheinecke added a project to T4480: GPGSM: Duplicated IMPORT_OK status lines emitted: S/MIME.
May 3 2019, 10:44 AM · S/MIME

Mar 27 2019

lechten added a comment to T4436: gpgsm refuses to encrypt with failure to check CRL.

I forgot: Instead of importing the missing internal CA, this works:

Mar 27 2019, 9:44 AM · gnupg, S/MIME
lechten added a comment to T4436: gpgsm refuses to encrypt with failure to check CRL.

I agree, the question is which CRL is checked when how. Maybe there is some mistake on my side. Here is a recipe for Debian:

Mar 27 2019, 9:23 AM · gnupg, S/MIME
aheinecke added a comment to T4436: gpgsm refuses to encrypt with failure to check CRL.

I don't think this is a bug. Failure to encrypt when CRL check fails is expected.

Mar 27 2019, 8:37 AM · gnupg, S/MIME

Mar 26 2019

werner triaged T4436: gpgsm refuses to encrypt with failure to check CRL as Normal priority.
Mar 26 2019, 7:53 PM · gnupg, S/MIME

Mar 14 2019

aheinecke removed a project from T4098: GpgSM: Add ECC support (Option to create an X.509/ECDSA key): gpg4win.
Mar 14 2019, 9:34 AM · Feature Request, S/MIME

Mar 4 2019

aheinecke added a comment to T4379: Invalid crypto engine importing a certificate.

Ouch indeed. Looks like you run into a "hanging" gpg-agent situation in that case our main background process is blocked and all other processes wait for it to respond and nothing works anymore.
This should never happen and we need to fix it. But so far we have not found a way to reproduce it.

Mar 4 2019, 10:57 AM · S/MIME, Bug Report

Feb 28 2019

LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

Looking at other threads I found the problem in some .lock file in my gnupg directory. One of them was locked by a running process and I was not able to delete. So I opened up task manager and I had dozens of gnupg related processes running. I killed all of them and removed any .lock file.
This way Kleopatra started again but the certificate above (aruba) was not present in the imported ones. And, of course, I'm not going to import it anymore, will use my sixt sense to trust certificates...

Feb 28 2019, 2:39 PM · S/MIME, Bug Report
LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

The exact file that created the lock is attached

.
I zipped it to avoid an unintended import that kills Kleopatra.

Feb 28 2019, 2:24 PM · S/MIME, Bug Report
LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

The only action I can do is quit the program telling it to stop the background actvity, but I cannot use it anymore...

Feb 28 2019, 2:13 PM · S/MIME, Bug Report
LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

Ouch, worse problem here. After closing kleopatra telling it to stop doing whatever it was, I restarted the application and now it's stuck in "Loading certificate cache"

Feb 28 2019, 2:00 PM · S/MIME, Bug Report
LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

The certificate was defintely missing the tag lines, thanks. I also tried opening the certificate from that page (Windows has no problems without the tag lines) and exporting it explicitly as base64, and the output file is fine.
The problem is that the import now seems to go well, but no certificate is imported at all. I tried several times and the import box just closes after selecting the file.
I tried to close Kleopatra and it says there are ongoing background operations. At least 15 mins passed between the import and the closing tentative.
Actually, it is stuck doing something.

Feb 28 2019, 1:57 PM · S/MIME, Bug Report
aheinecke triaged T4379: Invalid crypto engine importing a certificate as Normal priority.

Thanks for the report.

Feb 28 2019, 1:09 PM · S/MIME, Bug Report
aheinecke added a comment to T4380: GpgSM: CRL access not possible due to Tor mode.

Btw. I only noticed this now as I always had "disable-tor" in my config but recently removed it for testing.

Feb 28 2019, 7:59 AM · Bug Report, dirmngr, S/MIME
aheinecke created T4380: GpgSM: CRL access not possible due to Tor mode.
Feb 28 2019, 7:59 AM · Bug Report, dirmngr, S/MIME

Feb 27 2019

gniibe added a commit to T4104: gpgsm/ksba removes leading zeros from signature byte array: rK9fea74575085: Don't remove leading zero byte..
Feb 27 2019, 3:18 AM · Testing, libksba, S/MIME, Bug Report
gniibe claimed T4104: gpgsm/ksba removes leading zeros from signature byte array.

We also need to fix for encryption and signature in CSR.

Feb 27 2019, 3:17 AM · Testing, libksba, S/MIME, Bug Report

Feb 18 2019

gniibe added a commit to T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix: rG3cbdf896e691: sm: Support generation of card-based ed25519 CSR..
Feb 18 2019, 3:37 AM · S/MIME, Feature Request, libksba

Feb 15 2019

gniibe added a commit to T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: rG74e9b579ca27: sm: Support generation of card-based ECDSA CSR..
Feb 15 2019, 3:02 AM · Feature Request, S/MIME

Feb 14 2019

werner added a comment to T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.

Thanks for that summary.

Feb 14 2019, 7:31 AM · Feature Request, S/MIME
gniibe added a commit to T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: rK98882064f457: Support multi-valued signatures in CSRs..
Feb 14 2019, 2:32 AM · Feature Request, S/MIME

Feb 13 2019

gouttegd added a project to T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: Feature Request.

Since it seems there is a renewed interest in adding ECC support to GpgSM (as indicated by the T4098 feature request), I would like to write down here more details about this task.

Feb 13 2019, 1:37 AM · Feature Request, S/MIME

Feb 6 2019

werner claimed T4098: GpgSM: Add ECC support (Option to create an X.509/ECDSA key).
Feb 6 2019, 9:57 AM · Feature Request, S/MIME
werner added a comment to T4098: GpgSM: Add ECC support (Option to create an X.509/ECDSA key).

See also T4013 which is about ed25519 key support

Feb 6 2019, 9:56 AM · Feature Request, S/MIME

Dec 18 2018

jmrexach added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

werner,
I'm the spanish user. Are you also setting default ocsp responder option?
Setting only ocsp_signer doesn't worked, there are several CA's with diferent ocsp responders.

Dec 18 2018, 8:19 PM · S/MIME
aheinecke added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

The reporter said that it did not work for him.

Dec 18 2018, 2:44 PM · S/MIME

Dec 17 2018

werner added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

A list of SHA-1 fingerprints for the valid certificates. With our without colons.

Dec 17 2018, 5:25 PM · S/MIME
aheinecke added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

@werner what should the contents of the file look like?

Dec 17 2018, 3:46 PM · S/MIME
werner added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

I had to look it up in the code and man page too ;-)

Dec 17 2018, 10:22 AM · S/MIME
aheinecke added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

Good to know. I thought that ocsp-signer was only used if ocsp-responder is explitly set. I've suggested the workaround in the Message Board.

Dec 17 2018, 9:48 AM · S/MIME
werner added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

Is using

Dec 17 2018, 9:44 AM · S/MIME
aheinecke created T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.
Dec 17 2018, 8:44 AM · S/MIME
aheinecke added a comment to T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows.

In Wald someone reports that this also appears to happen when decrypting. https://wald.intevation.org/forum/message.php?msg_id=6377 Probably run-threaded will help to flush this out.

Dec 17 2018, 8:33 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win

Dec 14 2018

werner added a project to T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows: S/MIME.
Dec 14 2018, 10:46 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win