From: Uwe Brauer <oub@mat.ucm.es>
To: ding@gnus.org
Cc: Daiki Ueno <ueno@gnu.org>
Subject: gpgsm, certificate expired, different certificate, epa does not encrypt
Date: Wed, 18 Dec 2013 11:25:33 +0100 [thread overview]
Message-ID: <87ioum78wy.fsf@mat.ucm.es> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 570 bytes --]
Hello
I have several email accounts with different (comodo certificates).
Now one certificate for the address address1@gmail.com has expired.
However I want to send an email from address2 (whose certificate is
*not* expired) to a recipient.
However when I try to encrypt this message, it does not work.
I obtain an error message,
whose epa bug trace I attach. It is not clear to me, who is the culprit,
epa or gpgsm.
But I consider this is a BUG, I don't want to use the expired
certificate but one which is not expired.
thanks
Uwe Brauer
[-- Attachment #1.2: gpg-experied --]
[-- Type: text/plain, Size: 3504 bytes --]
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputR_HIIF --detach-sign -u F69E1EFB6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: certificate has expired
gpgsm: (expired at 2013-12-16 23:59:59)
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: NOTE: won't be able to encrypt to `<burrurr@gmail.com>': Certificate expired
gpgsm: DBG: adding certificates at level -1
[GNUPG:] SIG_CREATED D 1 2 00 20131218T101015 AF791B3AE3CCA0A1A9575730F69E1EFB6147C786
gpgsm: signature created
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputR_HVSL --encrypt -r 768D0C6F306269A7 -r F69E1EFB6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: certificate has expired
gpgsm: (expired at 2013-12-16 23:59:59)
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: can't encrypt to `<burrurr@gmail.com>': Certificate expired
[GNUPG:] INV_RECP 5 <burrurr@gmail.com>
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputR_HicR --detach-sign -u F69E1EFB6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: certificate has expired
gpgsm: (expired at 2013-12-16 23:59:59)
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: NOTE: won't be able to encrypt to `<burrurr@gmail.com>': Certificate expired
gpgsm: DBG: adding certificates at level -1
[GNUPG:] SIG_CREATED D 1 2 00 20131218T101051 AF791B3AE3CCA0A1A9575730F69E1EFB6147C786
gpgsm: signature created
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputR_HvmX --encrypt -r F69E1EFB6147C786 -r F69E1EFB6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: certificate has expired
gpgsm: (expired at 2013-12-16 23:59:59)
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: can't encrypt to `<burrurr@gmail.com>': Certificate expired
[GNUPG:] INV_RECP 5 <burrurr@gmail.com>
[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5556 bytes --]
next reply other threads:[~2013-12-18 10:25 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-18 10:25 Uwe Brauer [this message]
2013-12-18 17:28 ` [SOLVED] (was: gpgsm, certificate expired, different certificate, epa does not encrypt) Uwe Brauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ioum78wy.fsf@mat.ucm.es \
--to=oub@mat.ucm.es \
--cc=ding@gnus.org \
--cc=ueno@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).