We should close this. The recent fix in 2.2 and the forthcoming 2.3 does everything we want. In the meantiime or if further problems turn up, --ignore-cert is a good workaround.
Feed All Stories
Sep 22 2022
Sep 22 2022
• werner removed a project from T6034: Kleopatra: Make links in label text accessible: Restricted Project.
• werner changed the status of T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF from Open to Testing.
• werner removed a project from T6044: Kleopatra: Make information shown in pop-ups accessible: Restricted Project.
• werner changed the status of T6048: Test suite fixes with --enable-pubkey-ciphers=ecc from Open to Testing.
• werner removed a project from T6067: dirmngr 2.2 does not ask keyservers for fingerprints: Unknown Object (Project).
• werner removed a project from T6095: Kleopatra: Fix accessibility of group configuration: Unknown Object (Project).
• werner removed a project from T6059: ntbtls: use of shorter hash for ECC: Unknown Object (Project).
• werner removed a project from T6062: Kleopatra: Kleopatra fails with error if signed data is not found: Unknown Object (Project).
• werner removed a project from T6064: Kleopatra: Allow queries to list all certificates on the server: Unknown Object (Project).
• werner changed the status of T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm from Open to Testing.
• werner removed a project from T6073: Kleopatra: Fix issues with high contrast resp. inverted color scheme: Unknown Object (Project).
• werner removed a project from T6080: Kleopatra: Make changing the expiration date accessible: Unknown Object (Project).
• werner removed a project from T6102: Kleopatra: Make Certifications dialog accessible: Unknown Object (Project).
• werner removed a project from T6104: Kleopatra: Make Subkeys Details dialog accessible: Unknown Object (Project).
• werner removed a project from T6118: Kleopatra: Bogus </item><item> in message when importing secret key with multiple user IDs: Unknown Object (Project).
• werner removed a project from T6083: Kleopatra: Sign/encrypt window size issue: Unknown Object (Project).
• werner removed a project from T6101: Kleopatra: Make self-test accessible: Unknown Object (Project).
• werner removed a project from T6103: Kleopatra: Make key selection dialog accessible: Unknown Object (Project).
• werner removed a project from T6108: Kleopatra: Information on storage location of OpenPGP key should be per subkey: Unknown Object (Project).
• werner changed the status of T6112: libgpg-error,w32: bidirectional Pipe support for estream from Open to Testing.
• werner removed a project from T6115: Kleopatra: On "revoke certification" do not offer keys which did not certify that certificate: Unknown Object (Project).
• werner removed a project from T6120: Kleopatra: Unify wording of (start and) end of validity period: Unknown Object (Project).
• werner removed a project from T6121: Kleopatra: add name suggestion for revocation certificate : Unknown Object (Project).
• werner changed the status of T6136: build failure with slibtool - error: undefined symbol: QGpgME::RevokeKeyJob::staticMetaObject from Open to Testing.
• werner removed a project from T6140: Kleopatra: F5 does not always work in smartcard dialog: Unknown Object (Project).
• werner removed a project from T6144: Kleopatra: Please Certify Dialog is no longer shown: Unknown Object (Project).
• werner removed a project from T6156: Kleopatra: Aborting password entry on certify leads to broken error message: Unknown Object (Project).
• werner added a comment to T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired.
• werner changed the status of T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired, a subtask of T5882: Cross signing certificate in X.509 support, from Open to Testing.
• werner changed the status of T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired from Open to Testing.
• werner removed a project from T6154: Kleopatra: Assert in CertifyCertificateCommand after setting ownertrust of key: Unknown Object (Project).
• werner removed a project from T6155: Kleopatra: Certify expired userids offered but leads to General Error: Unknown Object (Project).
• werner removed a project from T6163: Kleopatra: Fetch missing keys broken: Unknown Object (Project).
• werner removed a project from T6166: Kleopatra: Require either name or email when generating keys for OpenPGP smart card: Unknown Object (Project).
• werner removed a project from T6180: Kleopatra: "more details" in group edit opens information window in background: Unknown Object (Project).
• werner removed a project from T6188: kleopatra: notepad verify/decrypt button not always greyed out when it should be: Unknown Object (Project).
• werner removed a project from T6187: Kleopatra: Import of p12 file fails with "invalid crypto engine": Unknown Object (Project).
• werner removed a project from T6196: Kleopatra: Canceling encrypt operation in the notepad causes a bogus error message: Unknown Object (Project).
• werner changed the status of T6200: gnupg: GPG_ERR_SOURCE_DEFAULT should be defined from Open to Testing.
• werner removed a project from T6201: Kleopatra: Disable unusable actions in certificate details for remote keys: Unknown Object (Project).
• werner removed a project from T6202: Kleopatra: Suppress errors of WKD lookups: Unknown Object (Project).
• werner changed the status of T6204: gpgme:python Fix setup.py, using pkg-config (not deprecated gpg-error-config and gpgme-config) from Open to Testing.
• werner changed the status of T6204: gpgme:python Fix setup.py, using pkg-config (not deprecated gpg-error-config and gpgme-config), a subtask of T5683: Deprecation of gpg-error-config, from Open to Testing.
• werner removed a project from T6090: Kleopatra: "Cancel" in the password dialog of "backup secret keys" has no effect: Unknown Object (Project).
• werner changed the status of T6205: GnuPG: Unknown encryption keys should not result in non-compliant encryption on decryption from Open to Testing.
• werner moved T6205: GnuPG: Unknown encryption keys should not result in non-compliant encryption on decryption from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• werner committed rG05b7e4a405c8: gpg: Don't consider unknown keys as non-compliant while decrypting. (authored by • werner).
gpg: Don't consider unknown keys as non-compliant while decrypting.
• gniibe committed rCc20022ffd4ad: fips: Skip PCT if RSA keygen test-parms specified (authored by neverpanic).
fips: Skip PCT if RSA keygen test-parms specified
Sep 21 2022
Sep 21 2022
This is a support question and not a bug. You should ask such questions on the channels for Gpg4win, which does the Community support for GnuPG on Windows: https://www.gpg4win.org/community.html
• aheinecke triaged T6192: GpgOL: deactivation of S/MIME does not affect previously sent mails as Normal priority.
I would give this low priority as we default to "S/MIME disabled" and this issue is no longer that relevant. But as it is a regression and I am pretty sure I know why it happens -> Normal.
I think it is more of a Kleopatra issue.
Yes I have to look at this again. This resize stuff is code in GpgOL, which was intended to trigger UI redraws / updates of Outlook. Because it otherwise would not show our current state but something in the cache. And there is no "Redraw UI" Api. The Resize trick is something I got from stack overflow but it should be only 20px (seriously smaller px values cause no redraw) But there is a bug here when it is maximized I think.
• aheinecke added a comment to T5957: Kleopatra: Show recipient information in the Notepad next to the input field .
Another thing we noticed today is that the pgpOnly check that determines if S/MIME and PGP or only PGP is shown (The radio buttons at the top right corner) is done only at initialization. So if you import your first S/MIME certs it will still only offer PGP certs and no option to switch. Just as a note here instead of a different issue because it is mostly for testing but should be improved on an update.
• ebo removed a project from T6086: Kleopatra: Filtering keys doesn't work anymore: Unknown Object (Project).
works
• aheinecke triaged T6215: Kleopatra: "Not certified" Status for Validity with multiple user ids as Wishlist priority.
• ebo added a comment to T6083: Kleopatra: Sign/encrypt window size issue.
Well, the picture given as example above looks exactly as before if I choose a key by clicking on it. But at least it changes after hitting return or switching to the next line, so it's an improvement.
• ebo changed the status of T6090: Kleopatra: "Cancel" in the password dialog of "backup secret keys" has no effect from Testing to Open.
• ebo added a comment to T6090: Kleopatra: "Cancel" in the password dialog of "backup secret keys" has no effect.
I see no change in the reported behavior:
• werner triaged T6214: Kleopatra allows to export a subkey which has only a stub. as Normal priority.
Ok. Let us resolve this. The patch is in kconfigwidgets without a version marker and I already added a patch-next next to it for future versions of kconfigwidgets. Should be no problem to keep.
• werner committed rGed54fd53d1dc: tools: Need to set the dir for common.conf (authored by • werner).
tools: Need to set the dir for common.conf
Support ECC signature.
Fix wrong fix of off-by-one error.
Add constants from PKCS#11 3.0.
• gniibe committed rPTH61ae94a7489a: Revert "Don't use symbol/macro which starts with _." (authored by • gniibe).
Revert "Don't use symbol/macro which starts with _."
• gniibe added a comment to rPTH317885a6b11f: Don't use symbol/macro which starts with _..
That's from my confusion. I'll revert.
m4: Fix detection of gpgrt's libdir.
Sep 20 2022
Sep 20 2022
• werner added a comment to T6207: can't open gpg-agent.
No, it does not matter.
Sorry, you need to wait for gnupg 2.3.8. It's next on our shortlist.
• gniibe added a comment to T5862: authentication with USB token.
Testing gpg-auth : There are two different use cases
- test with xsecurelock for screen lock
- test with pam-autoproto for login / gdm / etc.
• werner raised a concern with rPTH317885a6b11f: Don't use symbol/macro which starts with _..
Why? One underscrore followed by a lowercase letter is not a reserved symbol. It is common to use this for symbols which are not part of the public API but need to have global linkage. Also not all system have a way to limit the visibility and there we need to use them for internal symbols.
• gniibe committed rPTH317885a6b11f: Don't use symbol/macro which starts with _. (authored by • gniibe).
Don't use symbol/macro which starts with _.
• gniibe added a comment to T5862: authentication with USB token.
Here are pam_authproto.c with Makefile, so that you can compile it with libpam:
vitusb added a comment to T6203: GpgOL (Gpg4Win 3.1.24) / Error in parsing mail-headers (empty mail-body without correct decoded encryption-scheme) when using gpgol.dll 2.5.4 (gpgol.dll 2.5.0 from 3.1.16 works).
If you could try: https://files.gpg4win.org/Beta/gpgol/2.5.5-beta2/x64/ (Source tarball in the directory above, signed by my key)
If you could enable data debugging though (Include Data) in a log. And send it to me
Sep 19 2022
Sep 19 2022
• werner added a comment to T2300: Second crlDP is not used if first is unavailable.
What is a partial CRL; I have never seen that and IIRC the specification for that was not complete.
• werner triaged T6212: The ssh keys are no longer returned in the order from control file after T5996 as Normal priority.
We want to get rid of sshcontrol but we could keep it as an optional configuration to sort keys. I won't say it is a bug, though.
• aheinecke committed rEb5043421d2b3: build: Fix installation of gpg-error-config.1. (authored by Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>).
build: Fix installation of gpg-error-config.1.
• aheinecke added a comment to T2300: Second crlDP is not used if first is unavailable.
For what it is worth, I think that my patch is more standard compliant then yours because it checks if there is a partial CRL.
• aheinecke reassigned T2300: Second crlDP is not used if first is unavailable from • aheinecke to • werner.
I think 289fbc550d18a7f9b26c794a2409ba820811f6b3 implemented this wish from 2016 :) @werner please read the full report and then close it as fixed if you agree. I find it a bit funny that we both came independently to the same conclusion, that it should be handled differently even if the standard says otherwise. Because the behavior from the standard does not make sense and is in contradiction to other parts where it says that each CRL must contain all revocations.
• aheinecke added a comment to T6203: GpgOL (Gpg4Win 3.1.24) / Error in parsing mail-headers (empty mail-body without correct decoded encryption-scheme) when using gpgol.dll 2.5.4 (gpgol.dll 2.5.0 from 3.1.16 works).
If you could try: https://files.gpg4win.org/Beta/gpgol/2.5.5-beta2/x64/ (Source tarball in the directory above, signed by my key) Doc for this can be found here: https://wiki.gnupg.org/TroubleShooting#Manually_update_GpgOL_to_a_beta
joeyberkovitz added a comment to T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified.
just checking in about getting this patch reviewed
Fix IMAP access to encrypted mails
• aheinecke added a comment to T6203: GpgOL (Gpg4Win 3.1.24) / Error in parsing mail-headers (empty mail-body without correct decoded encryption-scheme) when using gpgol.dll 2.5.4 (gpgol.dll 2.5.0 from 3.1.16 works).
I think what I saw and reproduced (and now fixed) was a different issue though. 5fd467a00d3ffa6c1ca83e9a248f4c01d77bbe72 broke IMAP connections for GpgOL in general. So we definitely will make a new, at least minor GnuPG VS-Desktop release. But first we need to reproduce and also fix your issue.
• aheinecke added a comment to T6203: GpgOL (Gpg4Win 3.1.24) / Error in parsing mail-headers (empty mail-body without correct decoded encryption-scheme) when using gpgol.dll 2.5.4 (gpgol.dll 2.5.0 from 3.1.16 works).
Good news is that I can reproduce the bug in our testlab by connecting an account via IMAP to exchange. Our other IMAP tests have intermediates like dovecot. The fix for this will be fairly simple but first I wanted to ensure that we could reproduce it for future testing of releases as this is a case that should have been covered.
• aheinecke triaged T6203: GpgOL (Gpg4Win 3.1.24) / Error in parsing mail-headers (empty mail-body without correct decoded encryption-scheme) when using gpgol.dll 2.5.4 (gpgol.dll 2.5.0 from 3.1.16 works) as High priority.
Hello,
many thanks for the detailed report, I have given it some time to analyze and think I understand it:
• alexk triaged T6211: KMail should process "Confirm your key publication" messages from WKS-Server as Normal priority.
• gniibe added a comment to T4002: gpg-error.h uses c11 reserved word "noreturn".
@ikloecker Thank you for the pointer.
When people will use C23 compiler, there will be no problem (even with non-fixed version). That's good. :-)
chyen added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
I hacked configure.ac of gnupg to force it build with libgpg-error 1.45, and OpenSSH works with the created pipe. Maybe the libgpg-error fix is only necessary in some certain circumstances?