Hi there,
I’m using gpgsm (GnuPG) 2.2.13. For some reason, a CRL obtained by
dirmngr is signed with an expired certificate. This prevents me
from using my certificate. Here is what happens when I try to decrypt:
$ gpgsm -d mail.p7m
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: certificate #1C7CAD9DED77429D3CA98D1D/1.2.840.113549.1.9.1=#636140756E692D6D75656E737465722E6465,CN=Zertifizierungsstelle Universitaet Muenster - G02,O=Universitaet Muenster,C=DE
gpgsm: checking the CRL failed: Certificate expired
gpgsm: can't sign using '5E:A8:6C:19:99:8E:43:CC:CF:BB:1C:0E:35:07:FF:F6:F2:BA:3C:26': Certificate expired
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: certificate #1C7CAD9DED77429D3CA98D1D/1.2.840.113549.1.9.1=#636140756E692D6D75656E737465722E6465,CN=Zertifizierungsstelle Universitaet Muenster - G02,O=Universitaet Muenster,C=DE
gpgsm: checking the CRL failed: Certificate expired
gpgsm: Note: won't be able to encrypt to '5E:A8:6C:19:99:8E:43:CC:CF:BB:1C:0E:35:07:FF:F6:F2:BA:3C:26': Certificate expired
Yes, CRLs should not be signed with expired certificates. However,
is the fact that gpgsm prevents me from using my certificate a bug
or a feature?
As workaround I now have disable-crl-checks in my gpgsm.conf.
Should I file a bug report?
Best wishes
Jens
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
I’m using gpgsm (GnuPG) 2.2.13. For some reason, a CRL obtained by
dirmngr is signed with an expired certificate. This prevents me
from using my certificate. Here is what happens when I try to decrypt:
$ gpgsm -d mail.p7m
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: certificate #1C7CAD9DED77429D3CA98D1D/1.2.840.113549.1.9.1=#636140756E692D6D75656E737465722E6465,CN=Zertifizierungsstelle Universitaet Muenster - G02,O=Universitaet Muenster,C=DE
gpgsm: checking the CRL failed: Certificate expired
gpgsm: can't sign using '5E:A8:6C:19:99:8E:43:CC:CF:BB:1C:0E:35:07:FF:F6:F2:BA:3C:26': Certificate expired
gpgsm: Note: non-critical certificate policy not allowed
gpgsm: certificate #1C7CAD9DED77429D3CA98D1D/1.2.840.113549.1.9.1=#636140756E692D6D75656E737465722E6465,CN=Zertifizierungsstelle Universitaet Muenster - G02,O=Universitaet Muenster,C=DE
gpgsm: checking the CRL failed: Certificate expired
gpgsm: Note: won't be able to encrypt to '5E:A8:6C:19:99:8E:43:CC:CF:BB:1C:0E:35:07:FF:F6:F2:BA:3C:26': Certificate expired
Yes, CRLs should not be signed with expired certificates. However,
is the fact that gpgsm prevents me from using my certificate a bug
or a feature?
As workaround I now have disable-crl-checks in my gpgsm.conf.
Should I file a bug report?
Best wishes
Jens
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel