Re: [gentoo-user] OpenSSL certificates and Kmail

[Jure Varlec <exzombie@exzombie.homeip.net>]

[-- Attachment #1: Type: text/plain, Size: 2990 bytes --]

On Sunday 20 of May 2007 20:16:43 Mick wrote:
> OK, I also tried Validate with CRL and I am now getting a CRL related
> error: =============================================================
> 5 - 2007-05-20 19:09:00 gpg-agent[7251]: handler 0x80c8820 for fd 0
> terminated 7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: <- ISVALID
> CDECFDC58640B7262B39CCB59B61E8EEFF2ED4D0.0380C6
>   7 - 2007-05-20 19:09:01 dirmngr[9532]: no CRL available for issuer id
> CDECFDC58640B7262B39CCB59B61E8EEFF2ED4D0
>   7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: -> INQUIRE SENDCERT
>   7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: <- [ 44 20 30 82 05
> 42 30 82 03 2a a0 03 02 01 02 02 03 03 80 c6 30 25 30 44 06 09 2a [snip ] 7
> - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: <- [ 44 20 1c 45 de 3e
> 49 63 5f 1f 65 58 03 4f 5c 08 82 ef cd b0 15 bd a7 2b 3e 58 76 [snip ] 7 -
> 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: <- END
>   7 - 2007-05-20 19:09:01 dirmngr[9532]: crl_fetch via issuer failed:
> Configuration error
>   7 - 2007-05-20 19:09:01 dirmngr[9532]: command ISVALID failed:
> Configuration error
>   7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: -> ERR 167772275
> Configuration error
>   6 - 2007-05-20 19:09:01 gpgsm[9531]: response of dirmngr: ec=10.115
>   6 - 2007-05-20 19:09:01 gpgsm[9531]: checking the CRL failed:
> Configuration error
>   6 - 2007-05-20 19:09:01 gpgsm[9531.0x80806a0] DBG: -> S INV_RECP 0
> 9964FAAE960AD708013D03A5CC3E6023CDC3E990
>   6 - 2007-05-20 19:09:01 gpgsm[9531.0x80806a0] DBG: -> ERR 167772275
> Configuration error
>   6 - 2007-05-20 19:09:04 gpgsm[9531.0x80806a0] DBG: <- BYE
>   6 - 2007-05-20 19:09:05 gpgsm[9531.0x80806a0] DBG: -> OK closing
> connection 7 - 2007-05-20 19:09:05 dirmngr[9532.0x8080078] DBG: <- [EOF]
> =============================================================
>
> What should I use OCP or CRL and if the latter how am I supposed to
> configure this?


Ugh. Well, they say a picture is worth a thousand words:
http://imgs.xkcd.com/comics/unspeakable_pun.jpg

Now that I checked with some random signed mails on this list, it turns out my 
setup shows exactly the same symptoms as yours, i.e. it can't download 
certain CRLs and cacert's OCP doesn't work. To be frank, what I really needed 
S/MIME to work for are the bills my telco issues through e-mail. After 
installing dimngr and the relevant certificate, kmail recognizes signature in 
their bills correctly.

Funny thing is, kleopatra can and does download certain CRLs correctly using 
URLs embedded in a certificate, but can't do so for some others. And even if 
it can download a CRL, it then can't download the issuer certificate which 
makes it a bit useless. I haven't a clue how to proceed, as documentation 
seems a bit scarce.

As there are people on this list who use S/MIME signatures I guess it can be 
made to work. Perhaps someone could chime in?

Regards
Jure

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]