Mailing List Archive

On Tue, Jul 27, 2004 at 05:32:11PM +0200, bsmaillist@skynet.be wrote:
> Now KMail freezes whenever I add gpgme-smime.so as a crypto plugin in KMail.
>
> I have installed:
> KMail 1.6.2
> gpg 1.9.10
> libgrcrypt 1.1.94
> gpgme 0.3.16
> cryptplug 0.3.16
> libassuan 0.6.6
> libgpg-error 0.7
> libksba 0.9.8
>
> I double checked with ldd that all these refer to each other. What is a likely
> reason for GnuPG to freeze KMail like this? Where should I start looking?

no pinentry?

--
Jan-Oliver Wagner http://intevation.de/~jan/

Intevation GmbH http://intevation.de/
FreeGIS http://freegis.org/

On Tue, 27 Jul 2004 17:32:11 +0200, bsmaillist said:

> I double checked with ldd that all these refer to each other. What is a likely
> reason for GnuPG to freeze KMail like this? Where should I start looking?

Use log files. A first step is to put

log-file /tmp/gpgsm.log
debug-level basic

into ~/.gnupg/gpgsm.conf

Werner

On Tuesday 27 July 2004 21:59, Werner Koch wrote:
> On Tue, 27 Jul 2004 17:32:11 +0200, bsmaillist said:
> > I double checked with ldd that all these refer to each other. What is a
> > likely reason for GnuPG to freeze KMail like this? Where should I start
> > looking?
>
> Use log files. A first step is to put
>
> log-file /tmp/gpgsm.log
> debug-level basic
>
> into ~/.gnupg/gpgsm.conf
>
> Werner
>
>
> _______________________________________________
> Gpa-dev mailing list
> Gpa-dev@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gpa-dev

I added pinentry and dirmgr + started "gpg-agent --daemon".

In KMail :

gpgsm.log - part 1
--------------------
Check a signed e-mail (signed with my own key and sent to myself).
KMail says the mail is signed but that the signature could not be verified due
to a "system error". Double clicking the "Detail" tag properly starts
KGPGCertManager.

gpgsm[1389.0x807aaa8] DBG: -> Home: ~/.gnupg
gpgsm[1389.0x807aaa8] DBG: -> Config: /home/user/.gnupg/gpgsm.conf
gpgsm[1389.0x807aaa8] DBG: -> AgentInfo: /tmp/gpg-ggELmC/S.gpg-agent:3833:1
gpgsm[1389.0x807aaa8] DBG: -> DirmngrInfo: [not set]
gpgsm[1389.0x807aaa8] DBG: -> GNU Privacy Guard's S/M server 1.9.10 ready
gpgsm[1389.0x807aaa8] DBG: <- OPTION display=:0.0
gpgsm[1389.0x807aaa8] DBG: -> OK
gpgsm[1389.0x807aaa8] DBG: <- INPUT FD=17
gpgsm[1389.0x807aaa8] DBG: -> OK
gpgsm[1389.0x807aaa8] DBG: <- MESSAGE FD=21
gpgsm[1389.0x807aaa8] DBG: -> OK
gpgsm[1389.0x807aaa8] DBG: <- VERIFY
2004-07-28 00:47:47 gpgsm[1389] detached signature
gpgsm[1389.0x807aaa8] DBG: -> S NEWSIG
2004-07-28 00:47:47 gpgsm[1389] Signature made 2004-07-27 09:50:51 using
certificate ID C7E1F459
2004-07-28 00:47:47 gpgsm[1389] no running dirmngr - starting one
2004-07-28 00:47:47 gpgsm[1389] DBG: connection to dirmngr established
2004-07-28 00:47:47 gpgsm[1389] checking the CRL failed: Unknown system error
gpgsm[1389.0x807aaa8] DBG: -> S GOODSIG
gpgsm[1389.0x807aaa8] DBG: -> S VALIDSIG
C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459 2004-07-27 20040727T095051
20060718T220552
2004-07-28 00:47:47 gpgsm[1389] invalid certification chain: Unknown system
error
gpgsm[1389.0x807aaa8] DBG: -> S TRUST_UNDEFINED 65535
gpgsm[1389.0x807aaa8] DBG: -> OK
gpgsm[1391.0x807aaa8] DBG: -> Home: ~/.gnupg
gpgsm[1391.0x807aaa8] DBG: -> Config: /home/user/.gnupg/gpgsm.conf
gpgsm[1391.0x807aaa8] DBG: -> AgentInfo: /tmp/gpg-ggELmC/S.gpg-agent:3833:1
gpgsm[1391.0x807aaa8] DBG: -> DirmngrInfo: [not set]
gpgsm[1391.0x807aaa8] DBG: -> GNU Privacy Guard's S/M server 1.9.10 ready
gpgsm[1391.0x807aaa8] DBG: <- OPTION display=:0.0
gpgsm[1391.0x807aaa8] DBG: -> OK
gpgsm[1391.0x807aaa8] DBG: <- OPTION list-mode=1
gpgsm[1391.0x807aaa8] DBG: -> OK
gpgsm[1391.0x807aaa8] DBG: <- LISTKEYS
C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459
2004-07-28 00:47:47 gpgsm[1391] DBG: connection to agent established
gpgsm[1391.0x807aaa8] DBG: -> D
crs::1024:1:1C6AD9C6C7E1F459:20040718T220552:20060718T220552:01::CN=BS Root
CA,OU=RD,O=Privaat,L=Donk,ST=Limburg,C=BE::escESC:
%0Afpr:::::::::C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459:::4C8B25A54F2DF6A5A4BCC4907C45A0813F8509F5:
%0Auid:::::::::1.2.840.113549.1.9.1=#626172742E73796D6F6E7340736B796E65742E6265,CN=Bart
Symons::%0Auid:::::::::<bart.symons@skynet.be>::%0A
gpgsm[1391.0x807aaa8] DBG: -> OK
gpgsm[1391.0x807aaa8] DBG: <- BYE
gpgsm[1391.0x807aaa8] DBG: -> OK closing connection
gpgsm[1389.0x807aaa8] DBG: <- BYE
gpgsm[1389.0x807aaa8] DBG: -> OK closing connection


gpgsm.log - part 2
Modify gpgsm.conf to disable CRL checking
Restart KMail and check the same signed e-mail.
(CRL checking disabled in gpgsm.conf)
KMail freezes when clicking (selecting) the e-mail.


gpgsm[1392.0x807aaa8] DBG: -> Home: ~/.gnupg
gpgsm[1392.0x807aaa8] DBG: -> Config: /home/user/.gnupg/gpgsm.conf
gpgsm[1392.0x807aaa8] DBG: -> AgentInfo: /tmp/gpg-ggELmC/S.gpg-agent:3833:1
gpgsm[1392.0x807aaa8] DBG: -> DirmngrInfo: [not set]
gpgsm[1392.0x807aaa8] DBG: -> GNU Privacy Guard's S/M server 1.9.10 ready
gpgsm[1392.0x807aaa8] DBG: <- OPTION display=:0.0
gpgsm[1392.0x807aaa8] DBG: -> OK
gpgsm[1392.0x807aaa8] DBG: <- INPUT FD=17
gpgsm[1392.0x807aaa8] DBG: -> OK
gpgsm[1392.0x807aaa8] DBG: <- MESSAGE FD=21
gpgsm[1392.0x807aaa8] DBG: -> OK
gpgsm[1392.0x807aaa8] DBG: <- VERIFY
2004-07-28 00:47:48 gpgsm[1392] detached signature
gpgsm[1392.0x807aaa8] DBG: -> S NEWSIG
2004-07-28 00:47:48 gpgsm[1392] Signature made 2004-07-27 09:50:51 using
certificate ID C7E1F459
2004-07-28 00:47:48 gpgsm[1392] no running dirmngr - starting one
2004-07-28 00:47:48 gpgsm[1392] DBG: connection to dirmngr established
2004-07-28 00:47:48 gpgsm[1392] checking the CRL failed: Unknown system error
gpgsm[1392.0x807aaa8] DBG: -> S GOODSIG
gpgsm[1392.0x807aaa8] DBG: -> S VALIDSIG
C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459 2004-07-27 20040727T095051
20060718T220552
2004-07-28 00:47:48 gpgsm[1392] invalid certification chain: Unknown system
error
gpgsm[1392.0x807aaa8] DBG: -> S TRUST_UNDEFINED 65535
gpgsm[1392.0x807aaa8] DBG: -> OK
gpgsm[1392.0x807aaa8] DBG: <- BYE
gpgsm[1392.0x807aaa8] DBG: -> OK closing connection


gpgsm[1402.0x807aaa8] DBG: -> Home: ~/.gnupg
gpgsm[1402.0x807aaa8] DBG: -> Config: /home/user/.gnupg/gpgsm.conf
gpgsm[1402.0x807aaa8] DBG: -> AgentInfo: /tmp/gpg-ggELmC/S.gpg-agent:3833:1
gpgsm[1402.0x807aaa8] DBG: -> DirmngrInfo: [not set]
gpgsm[1402.0x807aaa8] DBG: -> GNU Privacy Guard's S/M server 1.9.10 ready
gpgsm[1402.0x807aaa8] DBG: <- OPTION display=:0.0
gpgsm[1402.0x807aaa8] DBG: -> OK
gpgsm[1402.0x807aaa8] DBG: <- INPUT FD=17
gpgsm[1402.0x807aaa8] DBG: -> OK
gpgsm[1402.0x807aaa8] DBG: <- MESSAGE FD=21
gpgsm[1402.0x807aaa8] DBG: -> OK
gpgsm[1402.0x807aaa8] DBG: <- VERIFY
2004-07-28 00:48:54 gpgsm[1402] detached signature
gpgsm[1402.0x807aaa8] DBG: -> S NEWSIG
2004-07-28 00:48:54 gpgsm[1402] Signature made 2004-07-27 09:50:51 using
certificate ID C7E1F459
2004-07-28 00:48:54 gpgsm[1402] certificate is good
2004-07-28 00:48:54 gpgsm[1402] DBG: connection to agent established
2004-07-28 00:48:54 gpgsm[1402] CRLs not checked due to --disable-crl-checks
option
gpgsm[1402.0x807aaa8] DBG: -> S GOODSIG
gpgsm[1402.0x807aaa8] DBG: -> S VALIDSIG
C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459 2004-07-27 20040727T095051
20060718T220552
2004-07-28 00:48:54 gpgsm[1402] Good signature from "/CN=Bart
Symons/EMail=bart.symons@skynet.be"
2004-07-28 00:48:54 gpgsm[1402] aka "bart.symons@skynet.be"
gpgsm[1402.0x807aaa8] DBG: -> S TRUST_FULLY
gpgsm[1402.0x807aaa8] DBG: -> OK
gpgsm[1403.0x807aaa8] DBG: -> Home: ~/.gnupg
gpgsm[1403.0x807aaa8] DBG: -> Config: /home/user/.gnupg/gpgsm.conf
gpgsm[1403.0x807aaa8] DBG: -> AgentInfo: /tmp/gpg-ggELmC/S.gpg-agent:3833:1
gpgsm[1403.0x807aaa8] DBG: -> DirmngrInfo: [not set]
gpgsm[1403.0x807aaa8] DBG: -> GNU Privacy Guard's S/M server 1.9.10 ready
gpgsm[1403.0x807aaa8] DBG: <- OPTION display=:0.0
gpgsm[1403.0x807aaa8] DBG: -> OK
gpgsm[1403.0x807aaa8] DBG: <- OPTION list-mode=1
gpgsm[1403.0x807aaa8] DBG: -> OK
gpgsm[1403.0x807aaa8] DBG: <- LISTKEYS
C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459
gpgsm[1402.0x807aaa8] DBG: <- [EOF]
2004-07-28 00:49:13 gpgsm[1403] DBG: connection to agent established
gpgsm[1403.0x807aaa8] DBG: -> D
crs::1024:1:1C6AD9C6C7E1F459:20040718T220552:20060718T220552:01::CN=BS Root
CA,OU=RD,O=Privaat,L=Donk,ST=Limburg,C=BE::escESC:
%0Afpr:::::::::C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459:::4C8B25A54F2DF6A5A4BCC4907C45A0813F8509F5:
%0Auid:::::::::1.2.840.113549.1.9.1=#626172742E73796D6F6E7340736B796E65742E6265,CN=Bart
Symons::%0Auid:::::::::<bart.symons@skynet.be>::%0A
gpgsm[1403.0x807aaa8] DBG: -> ERR 101 server fault (write error)
2004-07-28 00:49:13 gpgsm[1403] Assuan processing failed: write error

On Wed, 28 Jul 2004 00:59:37 +0200, bsmaillist said:

> gpgsm[1392.0x807aaa8] DBG: -> S GOODSIG
> gpgsm[1392.0x807aaa8] DBG: -> S VALIDSIG
> C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459 2004-07-27 20040727T095051
> 20060718T220552
> 2004-07-28 00:47:48 gpgsm[1392] invalid certification chain: Unknown system
> error
> gpgsm[1392.0x807aaa8] DBG: -> S TRUST_UNDEFINED 65535

please do a

gpgsm --list-sig --with-validation C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459

do see what's wrong.

The kmail freeze seems to be unrelated to the backend.

Werner

On Wednesday 28 July 2004 13:03, Werner Koch wrote:
>  gpgsm --list-sig --with-validation
>  C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459

This is my gpgsm.conf file.
"
debug-level basic
agent-program /usr/local/bin/gpg-agent
dirmngr-program /usr/local/bin/dirmngr
#disable-crl-checks
"

I get two different results depending on whether I enable CRL checking (result
#1) or disable CRL checking (result #2).


What I don't understand is that KMail freezes when CRL checking is disabled
but the test with "gpgsm --list-sig ... " shows a problem when CRL checking
enabled.

Here's the result #1 (CRL checking enabled).

"
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
/home/user/.gnupg/pubring.kbx
-----------------------------
Serial number: 01
Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
Subject: /CN=Bart Symons/EMail=bart.symons@skynet.be
aka: bart.symons@skynet.be
validity: 2004-07-18 22:05:52 through 2006-07-18 22:05:52
key type: 1024 bit RSA
ext key usage: clientAuth (suggested), emailProtection (suggested)
fingerprint: C3:70:03:D6:8A:2A:59:2A:1E:8B:14:7E:1C:6A:D9:C6:C7:E1:F4:59
gpgsm: no running dirmngr - starting one
dirmngr[4134]: error opening `/home/user/.gnupg/dirmngr_ldapservers.conf': No
such file or directory
gpgsm: DBG: connection to dirmngr established
dirmngr[4134]: no CRL available for issuer
`E03456F86E593E743CAD38F8DCCEC2C08071F46A'
[checking the CRL failed: Unknown system error]
[certificate is bad: Unknown system error]
Certified by
Serial number: 00
Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
Subject: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
validity: 2004-07-18 22:04:50 through 2014-07-16 22:04:50
key type: 2048 bit RSA
chain length: unlimited
fingerprint: 4C:8B:25:A5:4F:2D:F6:A5:A4:BC:C4:90:7C:45:A0:81:3F:85:09:F5
gpgsm: DBG: connection to agent established
[checking the CRL failed: Assuan server fault]
[certificate is bad: Assuan server fault]
"

Here's the result #2 (CRL checking disabled).

"
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
/home/user/.gnupg/pubring.kbx
-----------------------------
Serial number: 01
Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
Subject: /CN=Bart Symons/EMail=bart.symons@skynet.be
aka: bart.symons@skynet.be
validity: 2004-07-18 22:05:52 through 2006-07-18 22:05:52
key type: 1024 bit RSA
ext key usage: clientAuth (suggested), emailProtection (suggested)
fingerprint: C3:70:03:D6:8A:2A:59:2A:1E:8B:14:7E:1C:6A:D9:C6:C7:E1:F4:59
gpgsm: DBG: connection to agent established
[certificate is good]
Certified by
Serial number: 00
Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
Subject: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
validity: 2004-07-18 22:04:50 through 2014-07-16 22:04:50
key type: 2048 bit RSA
chain length: unlimited
fingerprint: 4C:8B:25:A5:4F:2D:F6:A5:A4:BC:C4:90:7C:45:A0:81:3F:85:09:F5
[certificate is good]

secmem usage: 1344/16384 bytes in 2 blocks
"

On Wed, 28 Jul 2004 18:39:46 +0200, bsmaillist said:

> dirmngr[4134]: error opening `/home/user/.gnupg/dirmngr_ldapservers.conf': No
> such file or directory

What about creating this configuration file? We need to know the
addresses of the CRL in case tehre is no CRL Distribution Point in the
certificate.

Werner

On Thursday 29 July 2004 08:53, Werner Koch wrote:
> On Wed, 28 Jul 2004 18:39:46 +0200, bsmaillist said:
> > dirmngr[4134]: error opening
> > `/home/user/.gnupg/dirmngr_ldapservers.conf': No such file or directory
>
> What about creating this configuration file? We need to know the
> addresses of the CRL in case tehre is no CRL Distribution Point in the
> certificate.
>
> Werner

There is no AIA in the certificate nor a CRL distribution point.
There is no CRL, these are simply self-made test certificates.

Is a CRL mandatory for GnuPG / gpgsm to function correctly?
And how does this explain that KMail freezes when CRL checking is explicitly
disabled?

On Thu, Jul 29, 2004 at 04:26:56PM +0200, bsmaillist@skynet.be wrote:
> There is no AIA in the certificate nor a CRL distribution point.
> There is no CRL, these are simply self-made test certificates.
>
> Is a CRL mandatory for GnuPG / gpgsm to function correctly?
> And how does this explain that KMail freezes when CRL checking is explicitly
> disabled?

you may disable crls checks for testing.

Add
disable-crl-checks
to dirmngr.conf

But note that this undermines the concept of S/MIME.

Best

Jan

--
Jan-Oliver Wagner http://intevation.de/~jan/

Intevation GmbH http://intevation.de/
FreeGIS http://freegis.org/

On Thursday 29 July 2004 08:53, Werner Koch wrote:
> On Wed, 28 Jul 2004 18:39:46 +0200, bsmaillist said:
> > dirmngr[4134]: error opening
> > `/home/user/.gnupg/dirmngr_ldapservers.conf': No such file or directory
>
> What about creating this configuration file? We need to know the
> addresses of the CRL in case tehre is no CRL Distribution Point in the
> certificate.
>
> Werner

I didn't find the format of the irmngr_ldapservers.conf configuration file in
the GnuPG info files.

A google search revealed the following format:
"
Each line contains a server formatted like this

host:port:user:password:base

with base is the base DN used for searching in queries that dont specify a
base themselves.
"

Is this still correct?

On Thursday 29 July 2004 08:53, Werner Koch wrote:
> On Wed, 28 Jul 2004 18:39:46 +0200, bsmaillist said:
> > dirmngr[4134]: error opening
> > `/home/user/.gnupg/dirmngr_ldapservers.conf': No such file or directory
>
> What about creating this configuration file? We need to know the
> addresses of the CRL in case tehre is no CRL Distribution Point in the
> certificate.
>
> Werner

Since I don't have a CRL for my test certificates I did the following:

First I did a "touch dirmngr_ldapservers.conf" in ~/.gnupg and added 1 line
with a newline in the config file. Then I tried "gpgsm --list-sig
--with-validation C37003D68A2A592A1E8B147E1C6AD9C6C7E1F459" with both CRL
checking disabled and enabled.

This gave the following results

with CRL checking disabled
-----------------------------

Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
/home/user/.gnupg/pubring.kbx
-----------------------------
Serial number: 01
Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
Subject: /CN=Bart Symons/EMail=bart.symons@skynet.be
aka: bart.symons@skynet.be
validity: 2004-07-18 22:05:52 through 2006-07-18 22:05:52
key type: 1024 bit RSA
ext key usage: clientAuth (suggested), emailProtection (suggested)
fingerprint: C3:70:03:D6:8A:2A:59:2A:1E:8B:14:7E:1C:6A:D9:C6:C7:E1:F4:59
gpgsm: no running dirmngr - starting one
gpgsm: DBG: connection to dirmngr established
dirmngr[4125]: no CRL available for issuer
`E03456F86E593E743CAD38F8DCCEC2C08071F46A'
[checking the CRL failed: Unknown system error]
[certificate is bad: Unknown system error]
Certified by
Serial number: 00
Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
Subject: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
validity: 2004-07-18 22:04:50 through 2014-07-16 22:04:50
key type: 2048 bit RSA
chain length: unlimited
fingerprint: 4C:8B:25:A5:4F:2D:F6:A5:A4:BC:C4:90:7C:45:A0:81:3F:85:09:F5
gpgsm: DBG: connection to agent established
[checking the CRL failed: Assuan server fault]
[certificate is bad: Assuan server fault]

secmem usage: 1344/16384 bytes in 2 blocks


with CRL checking enabled
----------------------------

Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
/home/user/.gnupg/pubring.kbx
-----------------------------
Serial number: 01
Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
Subject: /CN=Bart Symons/EMail=bart.symons@skynet.be
aka: bart.symons@skynet.be
validity: 2004-07-18 22:05:52 through 2006-07-18 22:05:52
key type: 1024 bit RSA
ext key usage: clientAuth (suggested), emailProtection (suggested)
fingerprint: C3:70:03:D6:8A:2A:59:2A:1E:8B:14:7E:1C:6A:D9:C6:C7:E1:F4:59
gpgsm: DBG: connection to agent established
[certificate is good]
Certified by
Serial number: 00
Issuer: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
Subject: /CN=BS Root CA/OU=RD/O=Privaat/L=Donk/ST=Limburg/C=BE
validity: 2004-07-18 22:04:50 through 2014-07-16 22:04:50
key type: 2048 bit RSA
chain length: unlimited
fingerprint: 4C:8B:25:A5:4F:2D:F6:A5:A4:BC:C4:90:7C:45:A0:81:3F:85:09:F5
[certificate is good]

secmem usage: 1344/16384 bytes in 2 blocks

On Thursday 29 July 2004 16:35, Jan-Oliver Wagner wrote:
> On Thu, Jul 29, 2004 at 04:26:56PM +0200, bsmaillist@skynet.be wrote:
> > There is no AIA in the certificate nor a CRL distribution point.
> > There is no CRL, these are simply self-made test certificates.
> >
> > Is a CRL mandatory for GnuPG / gpgsm to function correctly?
> > And how does this explain that KMail freezes when CRL checking is
> > explicitly disabled?
>
> you may disable crls checks for testing.
>
> Add
> disable-crl-checks
> to dirmngr.conf
>
> But note that this undermines the concept of S/MIME.
>
> Best
>
> Jan


Hi Jan,


How does "disable-crl-checks" in gpgsm.conf and dirmngr.conf relate?

I tried what you suggest but it doesn't make any difference. With or without
disable-crl-checks in dirmngr.conf I always get:

1) with disable-crl-checks also in gpgsm.conf KMail always freezes, even when
starting KMail (I suppost the initialisation of the crypto plugins freeze the
rest of KMail as well)

2) without disable-crl-checks in gpgsm.conf with KMail still can't
verify/decrypt the signed/encrypted e-mails I sent to myself

On Thu, Jul 29, 2004 at 04:49:06PM +0200, bsmaillist@skynet.be wrote:
> How does "disable-crl-checks" in gpgsm.conf and dirmngr.conf relate?

sorry, it was a typo. I meant gpgsm.conf, but you already
tested this as I can see.

--
Jan-Oliver Wagner http://intevation.de/~jan/

Intevation GmbH http://intevation.de/
FreeGIS http://freegis.org/

On Thu, 29 Jul 2004 16:38:53 +0200, bsmaillist said:

> I didn't find the format of the irmngr_ldapservers.conf configuration file in
> the GnuPG info files.

You need to look into the dirmngr mananul. dirmngr is not part of
gnupg, proper.


Werner