From: Tomi Ollila <tomi.ollila@iki.fi>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
Notmuch Mail <notmuch@notmuchmail.org>
Subject: Re: [PATCH 15/15] tests: disable CRL checks from gpgsm
Date: Wed, 29 Apr 2020 23:12:33 +0300 [thread overview]
Message-ID: <m2tv12jbke.fsf@guru.guru-group.fi> (raw)
In-Reply-To: <20200428185723.660184-16-dkg@fifthhorseman.net>
On Tue, Apr 28 2020, Daniel Kahn Gillmor wrote:
> GPGME has a strange failure mode when it is in offline mode, and/or
> when certificates don't have any CRLs: in particular, it refuses to
> accept the validity of any certificate other than a "root" cert.
>
> This can be worked around by setting the `disable-crl-checks`
> configuration variable for gpgsm.
>
> I've reported this to the GPGME upstream at
> https://dev.gnupg.org/T4883, but I have no idea how it will be
> resolved. In the meantime, we'll just work around it.
>
> Note that this fixes the test for verification of
> id:smime-multipart-signed@protected-headers.example, because
> multipart/signed messages are already handled correctly (one-part
> PKCS#7 messages will get fixed later).
>
> Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Rest of the series look tolerable to me. That one missing
"inconsistent quotes" is inconsistent with added quotes
in one of the changes in previous email (which just did that)
Otherwise OK (provided that tests pass)
(except that https://www.ietf.org/id/draft-dkg-lamps-samples-01.html
if not found (by me either, like David)
Tomi
next prev parent reply other threads:[~2020-04-29 20:12 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-28 18:57 Add tests for S/MIME PKCS#7 messages Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 01/15] tests: move add_gpgsm_home to test-lib.sh Daniel Kahn Gillmor
2020-04-30 21:29 ` David Bremner
2020-04-28 18:57 ` [PATCH 02/15] tests/smime: Always use --batch with gpgsm Daniel Kahn Gillmor
2020-04-30 19:33 ` [PATCH 03/15 v2] tests/smime: Include the Sample LAMPS Certificate Authority Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 03/15] " Daniel Kahn Gillmor
2020-04-29 1:43 ` David Bremner
2020-04-30 16:51 ` Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 04/15] tests/smime: consistently quote $GNUPGHOME Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 05/15] tests/smime: Use gpgsm instead of openssl for mml creation of S/MIME msgs Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 06/15] tests/smime: avoid copying the key+cert.pem around Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 07/15] test: Allow tests to have both gpg and gpgsm active at once Daniel Kahn Gillmor
2020-04-29 20:02 ` Tomi Ollila
2020-04-30 16:53 ` Daniel Kahn Gillmor
2020-04-30 19:34 ` [PATCH 07/15 v2] " Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 08/15] tests/smime: include secret key material for Bob Daniel Kahn Gillmor
2020-04-29 20:05 ` Tomi Ollila
2020-04-30 16:56 ` Daniel Kahn Gillmor
2020-04-30 19:35 ` [PATCH 08/15 v2] " Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 09/15] tests: Add S/MIME messages to protected-headers corpus Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 10/15] tests/smime: Verify cryptographic message status Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 11/15] tests/smime: Test indexing cleartext of envelopedData Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 12/15] test-lib.sh: add test_valid_json Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 13/15] tests/smime: add tests for S/MIME SignedData Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 14/15] test/protected-headers: Add tests for S/MIME protected headers Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 15/15] tests: disable CRL checks from gpgsm Daniel Kahn Gillmor
2020-04-29 20:12 ` Tomi Ollila [this message]
2020-04-30 19:00 ` Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2tv12jbke.fsf@guru.guru-group.fi \
--to=tomi.ollila@iki.fi \
--cc=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).