perske (Rainer Perske)
User

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Mar 27 2017, 4:49 PM (89 w, 2 d)
Availability
Available

Recent Activity

Aug 9 2018

perske added a comment to T4095: Add non-interactive --quick-revoke-sig.

Well, I have already tried to explain the use case: To make using cryptography easier for our users (for most of them the command line is the hell ...) I have integrated GnuPG in our webmailer. The webmailer has a key management page where you can import and export keys (up- and download, import from mail, attach to mail etc.), where you can edit trust settings, and where you can sign other keys and revoke such signatures. The webmailer certainly does not offer all capabilities of GnuPG but certainly a substantial subset.

Aug 9 2018, 11:06 AM · gnupg, Feature Request

Aug 8 2018

perske created T4095: Add non-interactive --quick-revoke-sig.
Aug 8 2018, 6:33 PM · gnupg, Feature Request

Oct 20 2017

perske added a comment to T1644: Do not expect KeyIDs to be unique.

I am preparing the patch I am using against 2.2.0. What is DCO?

Oct 20 2017, 1:29 PM · gnupg (gpg22), S/MIME, Bug Report

Oct 1 2016

perske added a comment to T2699: Assuan Context for inquiry callback not set if gpg-agent is just started.

If a apply that fix to an unmodified 2.1.15, my problem is solved:
My test case (importing a PKCS#12 file with pinentry-mode=loopback if the agent
has not been started before) now works. Thank you!

Oct 1 2016, 1:50 AM · Bug Report, gnupg
perske added a comment to T2698: Building static GnuPG fails with 2.1.15 (works with 2.1.14).

If a apply that fix to an unmodified 2.1.15, my problem is solved. Thank you!

Oct 1 2016, 12:34 AM · Bug Report, gnupg

Sep 23 2016

perske added a comment to T2699: Assuan Context for inquiry callback not set if gpg-agent is just started.

D382: 888_call-agent-ctx.patch

Sep 23 2016, 1:00 PM · Bug Report, gnupg
perske added a comment to T2699: Assuan Context for inquiry callback not set if gpg-agent is just started.

Correction (not "->" but "."): Add this line:

  inq_parm.ctx = agent_ctx;

Patch attached. Works for me for 2.1.14.
(Should work for 2.1.15, too, but I cannot test due to T2698.)

Sep 23 2016, 1:00 PM · Bug Report, gnupg
perske changed Version from 2.1.14 to 2.1.14, 2.1.15 on T2699: Assuan Context for inquiry callback not set if gpg-agent is just started.
Sep 23 2016, 11:46 AM · Bug Report, gnupg
perske added a comment to T2699: Assuan Context for inquiry callback not set if gpg-agent is just started.

Same in current version 2.1.15 (file is identical)

Sep 23 2016, 11:46 AM · Bug Report, gnupg
perske set Version to 2.1.14 on T2699: Assuan Context for inquiry callback not set if gpg-agent is just started.
Sep 23 2016, 2:43 AM · Bug Report, gnupg
perske added projects to T2699: Assuan Context for inquiry callback not set if gpg-agent is just started: gnupg, Bug Report.
Sep 23 2016, 2:43 AM · Bug Report, gnupg

Sep 22 2016

perske added a comment to T2698: Building static GnuPG fails with 2.1.15 (works with 2.1.14).

Perhaps the following change between 2.1.14 and 2.1.15 has something to do with the problem: It causes
both no-libgcrypt.o and $(LIBGCRYPT_LIBS) to be linked in.

diff -ru gnupg-2.1.14/dirmngr/Makefile.am gnupg-2.1.15/dirmngr/Makefile.am

  • gnupg-2.1.14/dirmngr/Makefile.am 2016-06-16 17:23:13.000000000 +0200

+++ gnupg-2.1.15/dirmngr/Makefile.am 2016-08-18 17:00:16.000000000 +0200
@@ -94,8 +94,8 @@
dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
dirmngr_ldap_LDFLAGS =
dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o \

  • $(GPG_ERROR_LIBS) $(LDAPLIBS) $(LBER_LIBS) $(LIBINTL) \
  • $(LIBICONV)

+ $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LDAPLIBS) \
+ $(LBER_LIBS) $(LIBINTL) $(LIBICONV)
endif

dirmngr_client_SOURCES = dirmngr-client.c

Sep 22 2016, 7:02 PM · Bug Report, gnupg
perske added a comment to T2698: Building static GnuPG fails with 2.1.15 (works with 2.1.14).

There is a regression in GnuPG 2.1.15.

After building

  npth-1.2          with --prefix=/xxx --enable-static --disable-shared
  libgpg-error-1.24 with --prefix=/xxx --enable-static --disable-shared
  libassuan-2.4.3   with --prefix=/xxx --enable-static --disable-shared --with-gpg-error-prefix=/xxx
  libgcrypt-1.7.3   with --prefix=/xxx --enable-static --disable-shared --with-gpg-error-prefix=/xxx
  libksba-1.3.5     with --prefix=/xxx --enable-static --disable-shared --with-gpg-error-prefix=/xxx

I can build without any problems:

  gnupg-2.1.14      with --prefix=/xxx --with-gpg-error-prefix=/xxx --with-npth-prefix=/xxx --with-libassuan-prefix=/xxx --with-libgcrypt-prefix=/xxx --with-ksba-prefix=/xxx

But I cannot build

  gnupg-2.1.15      with the identical options.

Compilation fails with these messages:

Making all in dirmngr
make[2]: Entering directory `/aaa/gnupg-2.1.15/dirmngr'
make all-am
make[3]: Entering directory `/aaa/gnupg-2.1.15/dirmngr'
gcc -I/xxx/include -I/xxx/include -Wall -Wno-pointer-sign -Wpointer-arith -g -O2 -lrt -o dirmngr_ldap dirmngr_ldap-dirmngr_ldap.o ../common/libcommon.a no-libgcrypt.o -L/xxx/lib -lgpg-error -L/xxx/lib -lgcrypt -lgpg-error -L/xxx/lib -lldap -llber
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_free':
/aaa/libgcrypt-1.7.3/src/visibility.c:1554: multiple definition of `gcry_free'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:111: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_free' changed from 18 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_xstrdup':
/aaa/libgcrypt-1.7.3/src/visibility.c:1548: multiple definition of `gcry_xstrdup'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:100: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_xstrdup' changed from 75 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_xrealloc':
/aaa/libgcrypt-1.7.3/src/visibility.c:1542: multiple definition of `gcry_xrealloc'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:73: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_xrealloc' changed from 29 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_xcalloc':
/aaa/libgcrypt-1.7.3/src/visibility.c:1524: multiple definition of `gcry_xcalloc'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:90: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_xcalloc' changed from 29 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_xmalloc':
/aaa/libgcrypt-1.7.3/src/visibility.c:1518: multiple definition of `gcry_xmalloc'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:48: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_xmalloc' changed from 29 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_strdup':
/aaa/libgcrypt-1.7.3/src/visibility.c:1512: multiple definition of `gcry_strdup'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:57: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_strdup' changed from 68 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_realloc':
/aaa/libgcrypt-1.7.3/src/visibility.c:1506: multiple definition of `gcry_realloc'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:68: first defined here
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_malloc_secure':
/aaa/libgcrypt-1.7.3/src/visibility.c:1494: multiple definition of `gcry_malloc_secure'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:43: first defined here
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_calloc':
/aaa/libgcrypt-1.7.3/src/visibility.c:1488: multiple definition of `gcry_calloc'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:85: first defined here
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_malloc':
/aaa/libgcrypt-1.7.3/src/visibility.c:1482: multiple definition of `gcry_malloc'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:37: first defined here
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_set_log_handler':
/aaa/libgcrypt-1.7.3/src/visibility.c:1470: multiple definition of `gcry_set_log_handler'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:144: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_set_log_handler' changed from 2 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_set_fatalerror_handler':
/aaa/libgcrypt-1.7.3/src/visibility.c:1464: multiple definition of `gcry_set_fatalerror_handler'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:137: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_set_fatalerror_handler' changed from 2 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_set_outofcore_handler':
/aaa/libgcrypt-1.7.3/src/visibility.c:1458: multiple definition of `gcry_set_outofcore_handler'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:130: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_set_outofcore_handler' changed from 2 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_create_nonce':
/aaa/libgcrypt-1.7.3/src/visibility.c:1351: multiple definition of `gcry_create_nonce'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:149: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_create_nonce' changed from 16 in no-libgcrypt.o to 90 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_cipher_algo_name':
/aaa/libgcrypt-1.7.3/src/visibility.c:800: multiple definition of `gcry_cipher_algo_name'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:162: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_cipher_algo_name' changed from 6 in no-libgcrypt.o to 5 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
/xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o): In function `gcry_control':
/aaa/libgcrypt-1.7.3/src/visibility.c:74: multiple definition of `gcry_control'
no-libgcrypt.o:/aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c:123: first defined here
/usr/bin/ld: Warning: size of symbol `gcry_control' changed from 3 in no-libgcrypt.o to 163 in /xxx/lib/libgcrypt.a(libgcrypt_la-visibility.o)
collect2: ld gab 1 als Ende-Status zurück
make[3]: * [dirmngr_ldap] Fehler 1
make[3]: Leaving directory `/aaa/gnupg-2.1.15/dirmngr'
make[2]:
* [all] Fehler 2
make[2]: Leaving directory `/aaa/gnupg-2.1.15/dirmngr'
make[1]: * [all-recursive] Fehler 1
make[1]: Leaving directory `/aaa/gnupg-2.1.15'
make:
* [all] Fehler 2

Most probably /aaa/gnupg-2.1.15/dirmngr/no-libgcrypt.c is being used where it shouldn't.

Do you need further information?

Thank you

Sep 22 2016, 6:43 PM · Bug Report, gnupg
perske added projects to T2698: Building static GnuPG fails with 2.1.15 (works with 2.1.14): gnupg, Bug Report.
Sep 22 2016, 6:28 PM · Bug Report, gnupg
perske set Version to 2.1.15 on T2698: Building static GnuPG fails with 2.1.15 (works with 2.1.14).
Sep 22 2016, 6:28 PM · Bug Report, gnupg

Aug 1 2016

perske added projects to T2432: gpgsm --with-colons --list-keys writes an excessive colon, causing --with-secret to write to the wrong column: gnupg, Bug Report.
Aug 1 2016, 1:57 AM · Bug Report, gnupg
perske set Version to 2.1.14 on T2432: gpgsm --with-colons --list-keys writes an excessive colon, causing --with-secret to write to the wrong column.
Aug 1 2016, 1:57 AM · Bug Report, gnupg

Jul 31 2016

perske added a comment to T1644: Do not expect KeyIDs to be unique.

D198: 866_gnupg-2.1.14.diff

Jul 31 2016, 10:00 PM · gnupg (gpg22), S/MIME, Bug Report
perske added a comment to T1644: Do not expect KeyIDs to be unique.

With T1590 irrelevant, issues 1862, 1970, and 2336 resolved (very special
thanks to everyone who helped in fixing them!), this is the only problem left in
version 2.1.14 that forces me to use a patched version of gpgsm for my webmailer.

My patch from 2014-04-30 works, but by mistake ("if (cmp < 0)" in place of "if
(cmp > 0)" it selects not the newest but the oldest one of the ambiguous
certificates what is bad in the DFN PKI because an older one of the certificates
is revoked, so I attach a new patch against 2.1.14.

Jul 31 2016, 10:00 PM · gnupg (gpg22), S/MIME, Bug Report
perske reopened T2336: libgcrypt 1.7.0 fails to be created as "Open".
Jul 31 2016, 12:11 AM · Not A Bug, Bug Report, libgcrypt
perske added a comment to T2336: libgcrypt 1.7.0 fails to be created.

Sorry for not providing further infos, I did not find the time before now.
I just tested with version 1.7.2; there the problem has disappeared.

I guess this change mentioned in the change log is the relevant one:
+2016-07-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ Fix static build.
+ * tests/pubkey.c (_gcry_pk_util_get_nbits): Make function 'static'.

Thank you very much, the case can be closed.

Jul 31 2016, 12:11 AM · Not A Bug, Bug Report, libgcrypt

Apr 25 2016

perske set Version to 1.7.0 on T2336: libgcrypt 1.7.0 fails to be created.
Apr 25 2016, 7:14 PM · Not A Bug, Bug Report, libgcrypt
perske added projects to T2336: libgcrypt 1.7.0 fails to be created: libgcrypt, Bug Report.
Apr 25 2016, 7:14 PM · Not A Bug, Bug Report, libgcrypt

May 7 2015

perske removed a project from T1970: Implement --pinentry-mode loopback --passphrase-fd 9 also for gpgsm: Feature Request.
May 7 2015, 11:27 AM · Bug Report, gnupg
perske added a project to T1970: Implement --pinentry-mode loopback --passphrase-fd 9 also for gpgsm: Bug Report.
May 7 2015, 11:27 AM · Bug Report, gnupg
perske added a comment to T1970: Implement --pinentry-mode loopback --passphrase-fd 9 also for gpgsm.

Background information:

With GnuPG 2.1, my webmailer does no longer work.

In principle, I use the following procedure e. g. for signing an e-mail:

  1. My GnuPG 2.0 is compiled with the option

--with-pinentry-pgm=/path/to/pinentrywrapper

  1. The user enters text and passphrase into the HTML form.
  1. I encrypt the passphrase with symmetric cryptography
  1. I set the environment variable PINENTRY_USER_DATA to the encrypted password

(see also T799)

  1. I set the environment variable GPG_TTY to "PINENTRY/pinentry-permail"
  1. I also set the environment variables HOME and GNUPGHOME.
  1. I launch /path/to/gpg-agent --daemon --sh --no-allow-mark-trusted
  1. I parse the output GPG_AGENT_INFO=/path/to/socket:process_number:version_number
  1. Then I sign, encrypt, decrypt, verify or whatever the user wants by
    • putting GPG_AGENT_INFO and all other needed variables into the environment
    • starting /path/to/gpgsm with all needed options for the respective transaction
  1. Then gpgsm contacts the just started gpg-agent which calls my

/path/to/pinentrywrapper which detects the "magic" GPG_TTY setting and does not
try to start a dialog on the (non-existent) terminal or desktop, but simply
responds with the decrypted content of PINENTRY_USER_DATA whenever a passphrase
input is requested.

  1. Finally I kill the gpg-agent using the process_number extracted above.

This procedure does no longer work with GnuPG 2.1 because I cannot start a new
agent for every transaction: gpg-agent of 2.1 uses the default socket, not a new
one, and does not write its process_number into GPG_AGENT_INFO, and, most
important, gpgsm disregards GPG_AGENT_INFO so that I cannot tell gpgsm which
running gpg-agent to contact. (There can be multiple transactions at the same
time; I trust in gpg-agent to properly lock files where necessary.)

As long as there is no way of passing the entered passphrase from my webmailer
to gpg-agent in any other way than by writing it into the environment when
starting gpg-agent and using a special pinentry that reads this environment, I
have to start a new gpg-agent for every transaction because different
transactions may need different passphrases.

That, of course, is only an ugly, ugly circumvention of a limitation of gpgsm.

gpg2 knows options --pinentry-mode loopback --passphrase-fd file_number, and
gpg-agent offers all support for using these options. Only gpgsm does not
support it.

If gpgsm would also offer these options, the whole hack with a magic GPG_TTY,
with the encrypted PINENTRY_USER_DATA, with using a pinentry wrapper, and with
using special options when compiling GnuPG 2.0 would be completely unnecessary.

So please please please copy the code that implements --pinentry-mode loopback
--passphrase-fd file_number from gpg2 to gpgsm.

Thank you very much!

May 7 2015, 11:27 AM · Bug Report, gnupg

May 6 2015

perske set Version to 2.1.3 on T1970: Implement --pinentry-mode loopback --passphrase-fd 9 also for gpgsm.
May 6 2015, 8:28 PM · Bug Report, gnupg
perske added projects to T1970: Implement --pinentry-mode loopback --passphrase-fd 9 also for gpgsm: Feature Request, gnupg.
May 6 2015, 8:28 PM · Bug Report, gnupg

Apr 30 2015

perske changed Version from 2.0.22, 2.1.2 to 2.0.22, 2.1.3 on T1644: Do not expect KeyIDs to be unique.
Apr 30 2015, 8:16 PM · gnupg (gpg22), S/MIME, Bug Report
perske added a comment to T1644: Do not expect KeyIDs to be unique.

I propose to implement a partly solution as a start: Add a 4th parameter
"allow_ambiguous" to gpgsm_find_cert() in "sm/certlist.c".

When called from "sm/gpgsm.c" or "sm/server.c" or anywhere else, set this
parameter to 0. Then gpgsm_find_cert() will behave like before.

When called by inq_certificate() in "sm/call-dirmngr.c", set this parameter to

  1. Then gpgsm_find_cert() will not bail out an ambiguous certificates, but

return the newest one of the matching certificates (according to
validity.notBefore).

(I am not sure what to pass when called by run_command_inq_cb() in
"sm/call-dirmngr.c" because I did not yet understand in which situation this
callback is used.)

As far as I can see, this change never hurts, but it helps when there are
multiple certificates for intermediate CAs with identical subject and identical
key by allowing to use "gpgsm" without "--disable-crl-checs --disable-dirmngr".

See attached patch.

(A complete solution probably requires call-dirmngr to return all matching
certificates and dirmngr to try each of the returned certificates in a loop.)

Apr 30 2015, 8:16 PM · gnupg (gpg22), S/MIME, Bug Report
perske added a comment to T1644: Do not expect KeyIDs to be unique.

D199: 601_gnupg.diff

Apr 30 2015, 8:16 PM · gnupg (gpg22), S/MIME, Bug Report
perske added projects to T1964: make distclean forgets tests/crls.d and tests/S.dirmngr: gnupg, Bug Report.
Apr 30 2015, 6:40 PM · Bug Report, gnupg
perske set Version to 2.1.3 on T1964: make distclean forgets tests/crls.d and tests/S.dirmngr.
Apr 30 2015, 6:40 PM · Bug Report, gnupg

Apr 28 2015

perske added a comment to T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols..

Great. Thanks for your work!
(With these fixes, I am now able to test whether T1644 is solved in 2.1.2,
unfortunately it is not.)

Apr 28 2015, 1:36 PM · Bug Report, gnupg
perske reopened T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols. as "Open".
Apr 28 2015, 1:36 PM · Bug Report, gnupg

Apr 27 2015

perske added a comment to T1644: Do not expect KeyIDs to be unique.

The error "Ambiguous Name" is generated in "sm/certlist.c" in gpgsm_find_cert().

Arguments to this function are:

name:

"/1.2.840.113549.1.9.1=#636140756E692D6D75656E737465722E6465,CN=Zertifizierungsstelle
Universitaet Muenster - G02,O=Universitaet Muenster,C=DE"

keyid: NULL

Caller is the function inq_certificate() in "sm/call-dirmngr.c".
Argument to this function is:

line: "SENDCERT

/1.2.840.113549.1.9.1=#636140756E692D6D75656E737465722E6465,CN=Zertifizierungsstelle
Universitaet Muenster - G02,O=Universitaet Muenster,C=DE"
This is caused in function gpgsm_dirmngr_isvalid() in "sm/call-dirmngr.c" by
calling assuan_transact() with

  line: "ISVALID A52EFAEFBC86EF98C5E9AA92B3ECEC4101080F0A.1700BFBB98F74B"

When looking up the CRL, GnuPG assumes that there is only one certificate with
the Distinguished Name of the Certification Authority.
But that is not true: Distinguished Names distinguish identities, not
certificates. The same identity can hold multiple certificates at the same time.
So GnuPG must be fixed to allow multiple valid certificates with the same
Distinguished Name.
Wenn looking up a CRL, GnuPG may use any of these certificates.
My proposal: Perhaps you could implement and use a dirmngr function "SENDANYCERT"?

Apr 27 2015, 2:05 PM · gnupg (gpg22), S/MIME, Bug Report
perske changed Version from 2.0.22 to 2.0.22, 2.1.2 on T1644: Do not expect KeyIDs to be unique.
Apr 27 2015, 2:05 PM · gnupg (gpg22), S/MIME, Bug Report
perske added a comment to T1644: Do not expect KeyIDs to be unique.

With 2.1.2, the bug still exists:

[/home/permail/RHEL5/devel/gpgfamily/bin/gpgsm] [--no-greeting] [--yes]
[--auto-issuer-key-retrieve] [--batch] [--no-tty] [--homedir]
[/home/p/perske/.perMail/gnupghome] [--base64] [--detach] [--local-user]
[&7CF2C58D823C0ED461ED6B1FD13F9E96B6F7C436] [--status-fd] [8] [--output]
[/index/permail/RHEL5/devel/sso/work/pgp.fe5316b600000e8a.out] [--sign]
[/index/permail/RHEL5/devel/sso/work/pgp.fe5316b600000e8a.dat]
(using a self-written pinentry replacement)

Output is now reduced, but basically unchanged:

gpgsm: Note: non-critical certificate policy not allowed
gpgsm: certificate not found: Ambiguous name
gpgsm: certificate
#1700BFBB98F74B/1.2.840.113549.1.9.1=#636140756E692D6D75656E737465722E6465,CN=Zertifizierungsstelle
Universitaet Muenster - G02,O=Universitaet Muenster,C=DE
gpgsm: checking the CRL failed: Not found
gpgsm: can't sign using '&7CF2C58D823C0ED461ED6B1FD13F9E96B6F7C436': Not found

Currently used versions:

gnupg-1.4.18.tar.bz2
gnupg-2.1.2.tar.bz2 (build process patched according to T1862)
libassuan-2.2.0.tar.bz2
libgcrypt-1.6.2.tar.bz2
libgpg-error-1.18.tar.bz2
libksba-1.3.2.tar.bz2
npth-1.1.tar.bz2
pinentry-0.9.0.tar.bz2
(my own) pinentry.c

Apr 27 2015, 12:56 PM · gnupg (gpg22), S/MIME, Bug Report

Apr 25 2015

perske added a comment to T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols..

That's it! Setting

+ export LDFLAGS=-lrt

and then running the build process as described in my original report and in
msg6216, compilation is successful.

Thank you very, very much!

Apr 25 2015, 1:25 PM · Bug Report, gnupg

Apr 24 2015

perske added a comment to T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols..

A big step forward :-)

With the command sequence

+ [... for building prerequisites see original bug report ...]
+ tar jvxf ../gnupg-2.1.2.tar.bz2
+ cd gnupg-2.1.2
+ /bin/cp -i common/Makefile.am common/Makefile.am.orig </dev/null || true
+ /bin/cp -i common/Makefile.in common/Makefile.in.orig </dev/null || true
+ s1='s|^t_jnlib_src = t-support\.c t-support\.h$|t_jnlib_src = t-support.h|'
+ s2='s|^amobjects_18 = t-support\.\$(OBJEXT)$|amobjects_18 =|'
+ /bin/sed "$s1" <common/Makefile.am.orig >common/Makefile.am
+ /bin/sed "$s1;$s2" <common/Makefile.in.orig >common/Makefile.in
+ ./configure --prefix=/PREFIX --with-gpg-error-prefix=/PREFIX
--with-npth-prefix=/PREFIX --with-libassuan-prefix=/PREFIX
--with-libgcrypt-prefix=/PREFIX --with-ksba-prefix=/PREFIX
--with-pinentry-pgm=/PREFIX/bin/pinentrywrapper
+ make

the build process fails later:

[...]
make[2]: Leaving directory `/root/devel/rpgpg/work/gnupg-2.1.2/sm'
Making all in agent
make[2]: Entering directory `/root/devel/rpgpg/work/gnupg-2.1.2/agent'
[...]
gcc -I/PREFIX/include -I/PREFIX/include -I/PREFIX/include -I/PREFIX/include -g
-O2 -Wall -Wno-pointer-sign -Wpointer-arith -o gpg-agent gpg_agent-gpg-agent.o
gpg_agent-command.o gpg_agent-command-ssh.o gpg_agent-call-pinentry.o
gpg_agent-cache.o gpg_agent-trans.o gpg_agent-findkey.o gpg_agent-pksign.o
gpg_agent-pkdecrypt.o gpg_agent-genkey.o gpg_agent-protect.o
gpg_agent-trustlist.o gpg_agent-divert-scd.o gpg_agent-cvt-openpgp.o
gpg_agent-call-scd.o gpg_agent-learncard.o ../common/libcommonpth.a
-L/PREFIX/lib -lgcrypt -lgpg-error -lassuan -L/PREFIX/lib -lgpg-error
-L/PREFIX/lib -lnpth -lpthread -L/PREFIX/lib -lgpg-error
/PREFIX/lib/libnpth.a(npth.o): In function `npth_clock_gettime':
/root/devel/rpgpg/work/npth-1.1/src/npth.c:699: undefined reference to
`clock_gettime'
collect2: ld returned 1 exit status
make[2]: * [gpg-agent] Error 1
make[2]: Leaving directory `/root/devel/rpgpg/work/gnupg-2.1.2/agent'
make[1]:
* [all-recursive] Error 1
make[1]: Leaving directory `/root/devel/rpgpg/work/gnupg-2.1.2'
make: *** [all] Error 2

Shall we keep in this issue or open a new one?

Apr 24 2015, 12:40 PM · Bug Report, gnupg

Apr 23 2015

perske added a comment to T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols..

See the description of my build steps in my original report: After

+ tar jvxf ../gnupg-2.1.2.tar.bz2
+ cd gnupg-2.1.2

I manually changed both common/Makefile.am and common/Makefile.in and then
continued with

+ ./configure --prefix=/PREFIX --with-gpg-error-prefix=/PREFIX
--with-npth-prefix=/PREFIX --with-libassuan-prefix=/PREFIX
--with-libgcrypt-prefix=/PREFIX --with-ksba-prefix=/PREFIX
--with-pinentry-pgm=/PREFIX/bin/pinentrywrapper
+ make

Apr 23 2015, 1:08 PM · Bug Report, gnupg
perske added a comment to T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols..

no change: I had already tried installing from scratch working in an empty
directory.

Apr 23 2015, 10:20 AM · Bug Report, gnupg

Apr 22 2015

perske added a comment to T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols..

Thank you, but I regret, the patch does not change anything.
(I have made the corresponding change in common/Makefile.in, too,
with same result.)

Apr 22 2015, 3:23 PM · Bug Report, gnupg

Mar 4 2015

perske added a comment to T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols..

Platform: Red Hat Enterprise Linux 5.11

ldconfig: I did not (assuming that make install does it if necessary)

Running "sudo ldconfig" after each "sudo make install" does not help.

Mar 4 2015, 2:06 PM · Bug Report, gnupg

Mar 3 2015

perske added a comment to T1644: Do not expect KeyIDs to be unique.

I really want to try, but I cannot compile 2.1.2 due to T1862.

Mar 3 2015, 7:38 PM · gnupg (gpg22), S/MIME, Bug Report
perske set Version to 2.1.2 on T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols..
Mar 3 2015, 7:36 PM · Bug Report, gnupg
perske added projects to T1862: Building static GnuPG 2.1.2 fails due to multiply defined symbols.: gnupg, Bug Report.
Mar 3 2015, 7:36 PM · Bug Report, gnupg
perske added a comment to T1590: dirmngr with libgcrypt 1.6.0 forgets to initialize pth properly.

Compiling with latest npth instead of latest pth does not change anything.
Without patch = segfault, with patch = works.

Mar 3 2015, 4:54 PM · In Progress, dirmngr, Bug Report, gnupg (gpg20)

Jul 1 2014

perske reopened T1644: Do not expect KeyIDs to be unique as "Open".
Jul 1 2014, 11:10 AM · gnupg (gpg22), S/MIME, Bug Report
perske added a comment to T1644: Do not expect KeyIDs to be unique.

Sorry, the fix does not remove the bug:

[/home/permail/RHEL5/devel/gpgfamily/bin/gpgsm] [--no-greeting] [--yes]
[--auto-issuer-key-retrieve] [--batch] [--no-tty] [--homedir]
[/home/p/perske/.perMail/gnupghome] [--base64] [--detach] [--local-user]
[&7CF2C58D823C0ED461ED6B1FD13F9E96B6F7C436] [--status-fd] [8] [--output]
[/index/permail/RHEL5/devel/sso/work/pgp.89542620000040ef.out] [--sign]
[/index/permail/RHEL5/devel/sso/work/pgp.89542620000040ef.dat]
(using a self-written pinentry replacement)

gpgsm: note: non-critical certificate policy not allowed
dirmngr[25485.0]: permanently loaded certificates: 0
dirmngr[25485.0]: runtime cached certificates: 0
dirmngr[25485.0]: no CRL available for issuer id
A52EFAEFBC86EF98C5E9AA92B3ECEC4101080F0A
gpgsm: certificate not found: Ambiguous name
dirmngr[25485.0]: assuan_inquire(SENDCERT) failed: IPC call has been cancelled
dirmngr[25485.0]: error fetching certificate by subject: No data
dirmngr[25485.0]: crl_parse_insert failed: Missing certificate
dirmngr[25485.0]: crl_cache_insert via DP failed: Missing certificate
dirmngr[25485.0]: command ISVALID failed: Missing certificate
gpgsm: certificate
#1700BFBB98F74B/1.2.840.113549.1.9.1=#636140756E692D6D75656E737465722E6465,CN=Zertifizierungsstelle
Universitaet Muenster - G02,O=Universitaet Muenster,C=DE
gpgsm: checking the CRL failed: Not found
gpgsm: can't sign using `&7CF2C58D823C0ED461ED6B1FD13F9E96B6F7C436': Not found

Currently used versions:

dirmngr-1.1.1.tar.bz2
dirmngr-1.1.1-pth-fix.patch
gnupg-1.4.17.tar.bz2
gnupg-2.0.24.tar.bz2
libassuan-2.1.1.tar.bz2
libgcrypt-1.6.1.tar.bz2
libgpg-error-1.13.tar.bz2
libksba-1.3.0.tar.bz2
pinentry-0.8.3.tar.bz2
pth-2.0.7.tar.gz
(my own) pinentry.c

The assuan_inquire(SENDCERT) above requests a certificate by distinguished name,
not by authority key identifier (see T1644 (perske on May 23 2014, 07:05 PM / Roundup)), thus it does not matter that the
certificates re-issued by the DFN-PKI kept their authority key identifiers; the
problem is triggered by (correctly) keeping the Distinguished Name.

(I did not yet analyze your bugfix.)

Jul 1 2014, 11:10 AM · gnupg (gpg22), S/MIME, Bug Report

May 23 2014

perske added a comment to T1644: Do not expect KeyIDs to be unique.

Deeper analysis showed that not the keygrip but the DN is misinterpreted as
unique identifyer for a certificate when used in the SENDCERT inquire by
dirmngr. So I correct the title again.

The distinguished name distinguishes human beings or network end points but
neither certificates nor key pairs. For valid reasons, there can be multiple
certificates with the same DN and these certificates may contain the same or
different public keys. The GnuPG suite has to learn to handle this situation.

Using gpgsm with the options --disable-dirmngr --disable-crl-checks made our
webmailer work again, but places all users at inacceptable higher risk. So I
keep the priority setting "critical".

May 23 2014, 7:05 PM · gnupg (gpg22), S/MIME, Bug Report
perske renamed T1644: Do not expect KeyIDs to be unique from Do not expect KeyGrip to be unique to Do not expect KeyIDs to be unique.
May 23 2014, 7:05 PM · gnupg (gpg22), S/MIME, Bug Report

May 22 2014

perske renamed T1644: Do not expect KeyIDs to be unique from Do not expect KeyIDs to be unique to Do not expect KeyGrip to be unique.
May 22 2014, 2:06 PM · gnupg (gpg22), S/MIME, Bug Report
perske set Version to 2.0.22 on T1644: Do not expect KeyIDs to be unique.
May 22 2014, 2:03 PM · gnupg (gpg22), S/MIME, Bug Report
perske added projects to T1644: Do not expect KeyIDs to be unique: gnupg (gpg20), gnupg, Bug Report.
May 22 2014, 2:03 PM · gnupg (gpg22), S/MIME, Bug Report

Jan 24 2014

perske added a comment to T1590: dirmngr with libgcrypt 1.6.0 forgets to initialize pth properly.

Looks good, compiling with libgcrypt-1.6.0 and creating a signed S/MIME e-mail
with gpgsm works.

Jan 24 2014, 3:12 PM · In Progress, dirmngr, Bug Report, gnupg (gpg20)

Dec 24 2013

perske added projects to T1590: dirmngr with libgcrypt 1.6.0 forgets to initialize pth properly: gnupg (gpg20), libgcrypt, Bug Report.
Dec 24 2013, 1:58 AM · In Progress, dirmngr, Bug Report, gnupg (gpg20)
perske set Version to 1.6.0 on T1590: dirmngr with libgcrypt 1.6.0 forgets to initialize pth properly.
Dec 24 2013, 1:58 AM · In Progress, dirmngr, Bug Report, gnupg (gpg20)

Dec 19 2013

perske added a comment to T1586: error from ldap_simple_bind_s reported wrong.

To also fix Issue1449, enhance my correction this way:

  rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION3);
  if (rc)
    {
      log_error (_("setting LDAPv3 for `%s:%d' failed: %s\n"),
                 host, port, ldap_err2string (rc));
      /* FIXME: Need deinit (ld)?  */
      return -1;
    }
  rc = ldap_simple_bind_s (ld, opt.user, opt.pass);
  if (rc)
    {
      log_error (_("binding to `%s:%d' failed: %s\n"),
                 host, port, ldap_err2string (rc));
      /* FIXME: Need deinit (ld)?  */
      return -1;
    }

And add translations for the new error message.

Thank you

Dec 19 2013, 7:03 PM · Bug Report, dirmngr
perske added projects to T1586: error from ldap_simple_bind_s reported wrong: dirmngr, Bug Report.
Dec 19 2013, 6:19 PM · Bug Report, dirmngr
perske set Version to 1.1.1 on T1586: error from ldap_simple_bind_s reported wrong.
Dec 19 2013, 6:19 PM · Bug Report, dirmngr

Nov 26 2009

perske added a comment to T1160: gpgme --disable-largefile.

Why "make it fail"; why not "make it run"?
I guess (did not test) that the bug can be fixed by replacing

#if @NEED__FILE_OFFSET_BITS@

with

#if @NEED__FILE_OFFSET_BITS@ - 0

or by making configure always setting a nonempty value;
depending on your preferred style of programming.

Nov 26 2009, 10:25 AM · gpgme, Bug Report

Nov 19 2009

perske added a comment to T1160: gpgme --disable-largefile.

Nov 19 2009, 6:45 PM · gpgme, Bug Report
perske added projects to T1160: gpgme --disable-largefile: Bug Report, gpgme.
Nov 19 2009, 6:45 PM · gpgme, Bug Report
perske set Version to 1.2.0 on T1160: gpgme --disable-largefile.
Nov 19 2009, 6:45 PM · gpgme, Bug Report

Oct 13 2008

perske added a comment to T958: GPGME cannot decode all messages starting with -----BEGIN PGP MESSAGE-----.

Background info: My e-mail program is currently calling gpg via fork() and
exec() and is thus very GnuPG version dependent. It does not create such
messages, but can display them. Trying to get rid of the version dependency,
I've tried to switch to GPGME and stumbled about a test message I've received
years ago. Unfortunately the header lines do not mention what mail program was
used for sending.

Oct 13 2008, 11:58 AM · gpgme, OpenPGP

Oct 9 2008

perske set Version to 1.1.6 on T958: GPGME cannot decode all messages starting with -----BEGIN PGP MESSAGE-----.
Oct 9 2008, 7:22 PM · gpgme, OpenPGP
perske added projects to T958: GPGME cannot decode all messages starting with -----BEGIN PGP MESSAGE-----: Feature Request, gpgme.
Oct 9 2008, 7:22 PM · gpgme, OpenPGP

Mar 19 2008

perske set Version to 2.0.8 on T892: update from 2.0.7 breaks existing gpgme applications.
Mar 19 2008, 2:45 AM · Bug Report, gnupg
perske added projects to T892: update from 2.0.7 breaks existing gpgme applications: gnupg, Bug Report.
Mar 19 2008, 2:45 AM · Bug Report, gnupg

Nov 18 2007

perske added a comment to T799: Add option --pinentry-program to gpgsm/gpgp2 or allow passing options to gpg-agent by environment variable.

-----BEGIN PGP SIGNED MESSAGE-----

Nov 18 2007, 2:45 AM · gnupg, Feature Request

May 21 2007

perske added a comment to T799: Add option --pinentry-program to gpgsm/gpgp2 or allow passing options to gpg-agent by environment variable.

-----BEGIN PGP SIGNED MESSAGE-----

May 21 2007, 8:55 PM · gnupg, Feature Request

May 16 2007

perske added a comment to T799: Add option --pinentry-program to gpgsm/gpgp2 or allow passing options to gpg-agent by environment variable.

-----BEGIN PGP SIGNED MESSAGE-----

May 16 2007, 2:52 PM · gnupg, Feature Request

May 13 2007

perske raised the priority of T799: Add option --pinentry-program to gpgsm/gpgp2 or allow passing options to gpg-agent by environment variable from Wishlist to Normal.
May 13 2007, 2:38 PM · gnupg, Feature Request
perske renamed T799: Add option --pinentry-program to gpgsm/gpgp2 or allow passing options to gpg-agent by environment variable from Add option --pinentry-program to gpgsm/gpgp2, to be passed to gpg-agent when started on the fly to Add option --pinentry-program to gpgsm/gpgp2 or allow passing options to gpg-agent by environment variable.
May 13 2007, 2:38 PM · gnupg, Feature Request
perske added projects to T799: Add option --pinentry-program to gpgsm/gpgp2 or allow passing options to gpg-agent by environment variable: Feature Request, gnupg.
May 13 2007, 1:59 PM · gnupg, Feature Request
perske set Version to 2.0.4 on T799: Add option --pinentry-program to gpgsm/gpgp2 or allow passing options to gpg-agent by environment variable.
May 13 2007, 1:59 PM · gnupg, Feature Request

Feb 16 2003

perske added projects to T110: truncated uid display with gpg --edit-key --no-utf8-strings --charset iso-8859-1: gnupg, Bug Report.
Feb 16 2003, 4:46 AM · Bug Report, gnupg