S/MIMEProject
ActivePublic

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Recent Activity

Mon, Nov 11

aheinecke added a commit to T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients: rOb05416e7bc41: Restore S/MIME class after close.
Mon, Nov 11, 4:06 PM · g10code, S/MIME, gpg4win, gpgol

Thu, Nov 7

werner lowered the priority of T4696: Fresh certificate get's pulled into certificate chain with expired root certificate from High to Normal.
Thu, Nov 7, 3:18 PM · gnupg (gpg22), S/MIME, Bug Report

Oct 4 2019

aheinecke moved T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients from Backlog to In Progress on the g10code board.
Oct 4 2019, 4:34 PM · g10code, S/MIME, gpg4win, gpgol
aheinecke added a project to T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients: g10code.
Oct 4 2019, 4:31 PM · g10code, S/MIME, gpg4win, gpgol
aheinecke added a commit to T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients: rOee6c1cb59204: Restore msg class for S/MIME after move.
Oct 4 2019, 4:19 PM · g10code, S/MIME, gpg4win, gpgol
aheinecke renamed T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients from GpgOL: Moved S/MIME mails with attachments can no longer be read by other clients to GpgOL: Moved S/MIME mails can no longer be read by other clients.
Oct 4 2019, 4:14 PM · g10code, S/MIME, gpg4win, gpgol

Sep 9 2019

aheinecke claimed T4699: X.509 certificate request more comfortable.

I give this normal priority even if it is a whish because I have the same whish and already have some code around that would make it more comfortable, especially if it is used directly in GpgOL.

Sep 9 2019, 11:26 AM · kleopatra, S/MIME, gpg4win, Feature Request
werner added projects to T4699: X.509 certificate request more comfortable: gpg4win, S/MIME.
Sep 9 2019, 7:40 AM · kleopatra, S/MIME, gpg4win, Feature Request

Sep 5 2019

werner triaged T4696: Fresh certificate get's pulled into certificate chain with expired root certificate as High priority.

Thanks for the sample certs. I noticed the posts but had not the time to look into them.

Sep 5 2019, 3:56 PM · gnupg (gpg22), S/MIME, Bug Report

Aug 22 2019

gniibe added a comment to T4480: GPGSM: Duplicated IMPORT_OK status lines emitted.

It appears (for me) correct behavior.

Aug 22 2019, 3:52 AM · S/MIME

Jul 5 2019

aheinecke closed T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes as Resolved.

Works for me! :-)

Jul 5 2019, 9:44 AM · S/MIME, gnupg
aheinecke merged T3928: canceling password dialog for decrypting is not recognized correctling. into T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes.
Jul 5 2019, 9:33 AM · S/MIME, gnupg
gniibe added a commit to T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes: rG38b9da7de335: sm: Return the last error for pubkey decryption..
Jul 5 2019, 8:53 AM · S/MIME, gnupg
gniibe added a commit to T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes: rG6cc4119ec03b: gpg: Return the last error for pubkey decryption..
Jul 5 2019, 8:18 AM · S/MIME, gnupg

Jun 13 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

I have a larger change for the wait code in the works. This will go into 1.14.0 but not in 1.13.1

Jun 13 2019, 9:06 AM · S/MIME, gpgme

Jun 7 2019

aheinecke created T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes.
Jun 7 2019, 9:56 AM · S/MIME, gnupg

Jun 6 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

I had to patch strace to follow threads but not forks (P8) and then when built with support for -k I tracked it down: In the inbound handler we close the fd immediately on EOF. However the upper layers don't know about it and a select fails with EBADF. Of course we could ignore the EBADF, figure out the closed fd and restart. The problem is that another thread may have opened a new oobject and that will get the last closed fd assigned - bummer.

Jun 6 2019, 5:08 PM · S/MIME, gpgme
aheinecke added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

Just noticed that due to me failing to properly understand re-entrant locks the run-thread test is broken at least on windows in that it never waits for completion. So running out of filedescriptors is to expect. I'll fix the test.

Jun 6 2019, 9:44 AM · S/MIME, gpgme
aheinecke added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

My observation from running the verify threaded test on windows is that it does behave differently. The EBADF does not occur.

Jun 6 2019, 8:51 AM · S/MIME, gpgme

Jun 5 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

Something(tm) closes an arbitrary file descriptor behind our back. Not easy to track down because strace can not trace only threads - it always wants to trace all children as well - which is a bit too much and leads to other problems.

Jun 5 2019, 9:03 PM · S/MIME, gpgme
werner raised the priority of T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification from Normal to High.
Jun 5 2019, 9:00 PM · S/MIME, gpgme

Jun 4 2019

werner claimed T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.
Jun 4 2019, 11:42 AM · S/MIME, gpgme
werner moved T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification from Backlog to For next release on the gpgme board.
Jun 4 2019, 11:03 AM · S/MIME, gpgme
werner removed a project from T4379: Invalid crypto engine importing a certificate: gpgme.
Jun 4 2019, 10:17 AM · S/MIME, Bug Report

Jun 3 2019

aheinecke added a commit to T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF: rGTO1c5ebfb3b2bf: Fix BER Error when importing by adding \n.
Jun 3 2019, 6:14 PM · Bug Report, S/MIME
werner added a comment to T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF.

A newline is required by the PEM standard.

Jun 3 2019, 4:37 PM · Bug Report, S/MIME
aheinecke created T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF.
Jun 3 2019, 4:18 PM · Bug Report, S/MIME

May 29 2019

werner added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

Thanks, the mentioned OpenSSL option should be helpful.

May 29 2019, 9:19 AM · S/MIME, gnupg (gpg22), Bug Report
misterzed88 added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

A high level test description is:

  1. Configure both gpgsm and dirmngr to use OCSP.
  2. Import the responder signer certificate with gpgsm --import.
  3. Use a certificate with OCSP responder extension present, or configure a default OCSP responder in dirmngr.
  4. Configure your OCSP responder to identify itself with key ID (and not subject name)
  5. Attempt to sign or verify with gpgsm.
  6. You should get an error, with dirmngr logs showing that the responder signer certificate could not be found.
May 29 2019, 9:11 AM · S/MIME, gnupg (gpg22), Bug Report
misterzed88 added a comment to T4535: gpgsm --sign prints misleading error message when using default key.

Thank you for a quick fix (despite this being a minor problem).

May 29 2019, 8:51 AM · gnupg (gpg22), S/MIME, Bug Report

May 28 2019

aheinecke created T4543: GpgOL: Moved S/MIME mails can no longer be read by other clients.
May 28 2019, 3:10 PM · g10code, S/MIME, gpg4win, gpgol
werner added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

Do you have any test cases? Note that T3966 is due to missing support for SHA-256.

May 28 2019, 12:36 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T3966: Dirmngr: no suitable certificate found to verify the OCSP response as Resolved.
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T3966: Dirmngr: no suitable certificate found to verify the OCSP response: rG5281ecbe3ae8: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP..
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T3966: Dirmngr: no suitable certificate found to verify the OCSP response: rG405f41007c35: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP..
May 28 2019, 12:31 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID: rG4699e294cc9e: dirmngr: Improve finding OCSP cert..
May 28 2019, 12:31 PM · S/MIME, gnupg (gpg22), Bug Report
werner added a comment to T3966: Dirmngr: no suitable certificate found to verify the OCSP response.

We only supported SHA-1 signed OCSP requests. Fix will go into 2.2.16.

May 28 2019, 12:29 PM · gpg4win, dirmngr, S/MIME

May 27 2019

werner triaged T4537: gpgsm support for timestamp signatures as Normal priority.
May 27 2019, 3:58 PM · gnupg (gpg23), S/MIME, Feature Request
werner triaged T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID as Normal priority.
May 27 2019, 3:57 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T4535: gpgsm --sign prints misleading error message when using default key as Resolved.

Thanks to your very good analysis, this was easy to fix.

May 27 2019, 3:49 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4535: gpgsm --sign prints misleading error message when using default key: rG32210e855c46: sm: Avoid confusing diagnostic for the default key..
May 27 2019, 3:49 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4535: gpgsm --sign prints misleading error message when using default key: rG521e7d4644ed: sm: Avoid confusing diagnostic for the default key..
May 27 2019, 3:48 PM · gnupg (gpg22), S/MIME, Bug Report
werner triaged T4535: gpgsm --sign prints misleading error message when using default key as Low priority.
May 27 2019, 3:29 PM · gnupg (gpg22), S/MIME, Bug Report

May 24 2019

werner added a comment to T4538: Support PSS signed CRLs.

Interesting tinge: The main CRL of the dgn.de CA uses a nextUpdate in the year 2034 (15 years in the future) which would force dirmngr to cache the CRL until then. However, the CRL of the intermediate certificate has a nextUpdate only one month in the future. There is currently no entry in that second level CRL, so their idea might be that an updated second level CRL will also trigger a reload of the main CRL. I have not checked how we implement that in Dirmngr but I doubt that such a thing will work for us and that it is in any way standard compliant.

May 24 2019, 11:59 AM · dirmngr, S/MIME, libksba
werner added a subtask for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner removed a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner added a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:08 AM · dirmngr, S/MIME, libksba
werner created T4538: Support PSS signed CRLs.
May 24 2019, 8:58 AM · dirmngr, S/MIME, libksba

May 16 2019

werner added a commit to T4505: SM, W32: GPGSM hangs up the GnuPG System: rG0fff927889b0: kbx: Fix an endless loop under Windows due to an incomplete fix..
May 16 2019, 2:03 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner added a commit to T4505: SM, W32: GPGSM hangs up the GnuPG System: rG6f72aa821407: kbx: Fix deadlock in gpgsm on Windows due to a sharing violation..
May 16 2019, 2:03 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows