S/MIMEProject
ActivePublic

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Recent Activity

Thu, Aug 22

gniibe added a comment to T4480: GPGSM: Duplicated IMPORT_OK status lines emitted.

It appears (for me) correct behavior.

Thu, Aug 22, 3:52 AM · S/MIME

Jul 5 2019

aheinecke closed T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes as Resolved.

Works for me! :-)

Jul 5 2019, 9:44 AM · S/MIME, gnupg
aheinecke merged T3928: canceling password dialog for decrypting is not recognized correctling. into T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes.
Jul 5 2019, 9:33 AM · S/MIME, gnupg
gniibe added a commit to T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes: rG38b9da7de335: sm: Return the last error for pubkey decryption..
Jul 5 2019, 8:53 AM · S/MIME, gnupg
gniibe added a commit to T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes: rG6cc4119ec03b: gpg: Return the last error for pubkey decryption..
Jul 5 2019, 8:18 AM · S/MIME, gnupg

Jun 13 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

I have a larger change for the wait code in the works. This will go into 1.14.0 but not in 1.13.1

Jun 13 2019, 9:06 AM · S/MIME, gpgme

Jun 7 2019

aheinecke created T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes.
Jun 7 2019, 9:56 AM · S/MIME, gnupg

Jun 6 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

I had to patch strace to follow threads but not forks (P8) and then when built with support for -k I tracked it down: In the inbound handler we close the fd immediately on EOF. However the upper layers don't know about it and a select fails with EBADF. Of course we could ignore the EBADF, figure out the closed fd and restart. The problem is that another thread may have opened a new oobject and that will get the last closed fd assigned - bummer.

Jun 6 2019, 5:08 PM · S/MIME, gpgme
aheinecke added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

Just noticed that due to me failing to properly understand re-entrant locks the run-thread test is broken at least on windows in that it never waits for completion. So running out of filedescriptors is to expect. I'll fix the test.

Jun 6 2019, 9:44 AM · S/MIME, gpgme
aheinecke added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

My observation from running the verify threaded test on windows is that it does behave differently. The EBADF does not occur.

Jun 6 2019, 8:51 AM · S/MIME, gpgme

Jun 5 2019

werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.

Something(tm) closes an arbitrary file descriptor behind our back. Not easy to track down because strace can not trace only threads - it always wants to trace all children as well - which is a bit too much and leads to other problems.

Jun 5 2019, 9:03 PM · S/MIME, gpgme
werner raised the priority of T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification from Normal to High.
Jun 5 2019, 9:00 PM · S/MIME, gpgme

Jun 4 2019

werner claimed T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.
Jun 4 2019, 11:42 AM · S/MIME, gpgme
werner moved T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification from Backlog to For next release on the gpgme board.
Jun 4 2019, 11:03 AM · S/MIME, gpgme
werner removed a project from T4379: Invalid crypto engine importing a certificate: gpgme.
Jun 4 2019, 10:17 AM · S/MIME, Bug Report

Jun 3 2019

aheinecke added a commit to T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF: rGTO1c5ebfb3b2bf: Fix BER Error when importing by adding \n.
Jun 3 2019, 6:14 PM · Bug Report, S/MIME
werner added a comment to T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF.

A newline is required by the PEM standard.

Jun 3 2019, 4:37 PM · Bug Report, S/MIME
aheinecke created T4555: GpgSM: BER Error / Invalid radix64 character 2d skipped if newline is missing at EOF.
Jun 3 2019, 4:18 PM · Bug Report, S/MIME

May 29 2019

werner added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

Thanks, the mentioned OpenSSL option should be helpful.

May 29 2019, 9:19 AM · S/MIME, gnupg (gpg22), Bug Report
misterzed88 added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

A high level test description is:

  1. Configure both gpgsm and dirmngr to use OCSP.
  2. Import the responder signer certificate with gpgsm --import.
  3. Use a certificate with OCSP responder extension present, or configure a default OCSP responder in dirmngr.
  4. Configure your OCSP responder to identify itself with key ID (and not subject name)
  5. Attempt to sign or verify with gpgsm.
  6. You should get an error, with dirmngr logs showing that the responder signer certificate could not be found.
May 29 2019, 9:11 AM · S/MIME, gnupg (gpg22), Bug Report
misterzed88 added a comment to T4535: gpgsm --sign prints misleading error message when using default key.

Thank you for a quick fix (despite this being a minor problem).

May 29 2019, 8:51 AM · gnupg (gpg22), S/MIME, Bug Report

May 28 2019

aheinecke created T4543: GpgOL: Moved S/MIME mails with attachments can no longer be read by other clients.
May 28 2019, 3:10 PM · S/MIME, gpg4win, gpgol
werner added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

Do you have any test cases? Note that T3966 is due to missing support for SHA-256.

May 28 2019, 12:36 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T3966: Dirmngr: no suitable certificate found to verify the OCSP response as Resolved.
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T3966: Dirmngr: no suitable certificate found to verify the OCSP response: rG5281ecbe3ae8: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP..
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T3966: Dirmngr: no suitable certificate found to verify the OCSP response: rG405f41007c35: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP..
May 28 2019, 12:31 PM · gpg4win, dirmngr, S/MIME
werner added a commit to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID: rG4699e294cc9e: dirmngr: Improve finding OCSP cert..
May 28 2019, 12:31 PM · S/MIME, gnupg (gpg22), Bug Report
werner added a comment to T3966: Dirmngr: no suitable certificate found to verify the OCSP response.

We only supported SHA-1 signed OCSP requests. Fix will go into 2.2.16.

May 28 2019, 12:29 PM · gpg4win, dirmngr, S/MIME

May 27 2019

werner triaged T4537: gpgsm support for timestamp signatures as Normal priority.
May 27 2019, 3:58 PM · gnupg (gpg23), S/MIME, Feature Request
werner triaged T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID as Normal priority.
May 27 2019, 3:57 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T4535: gpgsm --sign prints misleading error message when using default key as Resolved.

Thanks to your very good analysis, this was easy to fix.

May 27 2019, 3:49 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4535: gpgsm --sign prints misleading error message when using default key: rG32210e855c46: sm: Avoid confusing diagnostic for the default key..
May 27 2019, 3:49 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4535: gpgsm --sign prints misleading error message when using default key: rG521e7d4644ed: sm: Avoid confusing diagnostic for the default key..
May 27 2019, 3:48 PM · gnupg (gpg22), S/MIME, Bug Report
werner triaged T4535: gpgsm --sign prints misleading error message when using default key as Low priority.
May 27 2019, 3:29 PM · gnupg (gpg22), S/MIME, Bug Report

May 24 2019

werner added a comment to T4538: Support PSS signed CRLs.

Interesting tinge: The main CRL of the dgn.de CA uses a nextUpdate in the year 2034 (15 years in the future) which would force dirmngr to cache the CRL until then. However, the CRL of the intermediate certificate has a nextUpdate only one month in the future. There is currently no entry in that second level CRL, so their idea might be that an updated second level CRL will also trigger a reload of the main CRL. I have not checked how we implement that in Dirmngr but I doubt that such a thing will work for us and that it is in any way standard compliant.

May 24 2019, 11:59 AM · dirmngr, S/MIME, libksba
werner added a subtask for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner removed a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner added a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:08 AM · dirmngr, S/MIME, libksba
werner created T4538: Support PSS signed CRLs.
May 24 2019, 8:58 AM · dirmngr, S/MIME, libksba

May 16 2019

werner added a commit to T4505: SM, W32: GPGSM hangs up the GnuPG System: rG0fff927889b0: kbx: Fix an endless loop under Windows due to an incomplete fix..
May 16 2019, 2:03 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner added a commit to T4505: SM, W32: GPGSM hangs up the GnuPG System: rG6f72aa821407: kbx: Fix deadlock in gpgsm on Windows due to a sharing violation..
May 16 2019, 2:03 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner closed T4505: SM, W32: GPGSM hangs up the GnuPG System as Resolved.
May 16 2019, 2:00 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner added a comment to T4505: SM, W32: GPGSM hangs up the GnuPG System.

That was obvious. rG6fc5df1e10129f3171d80cf731f310b9e8d97c26 fixes this.

May 16 2019, 2:00 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke reopened T4505: SM, W32: GPGSM hangs up the GnuPG System as "Open".

When doing a "gpgsm --with-validation -k foo" (assuming you have a cert foo) gpgsm now goes into a loop and prints the certficates that match "foo" over and over again. I have not tested if it was caused by this change but I think it is likely.

May 16 2019, 1:15 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke removed a subtask for T4505: SM, W32: GPGSM hangs up the GnuPG System: T4509: Release GnuPG 2.2.16.
May 16 2019, 1:12 PM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke added a subtask for T4505: SM, W32: GPGSM hangs up the GnuPG System: T4509: Release GnuPG 2.2.16.
May 16 2019, 9:50 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows
aheinecke closed T4505: SM, W32: GPGSM hangs up the GnuPG System as Resolved.

I imported 39 certificate files at once with Kleopatra with about 700 certificates and it worked. Took a long time though so It would be nice if Kleopatra would show a progess indicator or some indication that the import is running. But this is a different issue.

May 16 2019, 9:49 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows

May 15 2019

werner edited projects for T4436: gpgsm refuses to encrypt with failure to check CRL, added: gnupg; removed gnupg (gpg22), Bug Report.

Will give you more detailed info about your certificate. For even more details use --dump-chain instead of --list-chain.

May 15 2019, 9:39 AM · gnupg, S/MIME
werner merged T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows into T4505: SM, W32: GPGSM hangs up the GnuPG System.
May 15 2019, 9:22 AM · kleopatra, gpgol, S/MIME, gpg4win, Windows
werner merged task T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows into T4505: SM, W32: GPGSM hangs up the GnuPG System.
May 15 2019, 9:22 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win