diff options
| author | Werner Koch <[email protected]> | 2007-08-24 09:34:39 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2007-08-24 09:34:39 +0000 |
| commit | 503f91e0aea99fe09064e29ec9df1ded1a3bd3c3 (patch) | |
| tree | e3dd4b252d6d05a5aa15aea799ab9447ea74ccbd /doc | |
| parent | Add new features to kbxutil. (diff) | |
| download | gnupg-503f91e0aea99fe09064e29ec9df1ded1a3bd3c3.tar.gz gnupg-503f91e0aea99fe09064e29ec9df1ded1a3bd3c3.zip | |
tryu harder to ignore duplicate specified keyrings and -boxes.
Documentation updates.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/ChangeLog | 5 | ||||
| -rw-r--r-- | doc/debugging.texi | 19 | ||||
| -rw-r--r-- | doc/gpg-agent.texi | 4 |
3 files changed, 27 insertions, 1 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index 07c497cc7..d4ade07d9 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,8 @@ +2007-08-24 Werner Koch <[email protected]> + + * debugging.texi (Common Problems): Add "A root certifciate does + not validate." + 2007-08-14 Werner Koch <[email protected]> * glossary.texi (Glossary): Add a more items. diff --git a/doc/debugging.texi b/doc/debugging.texi index e1a62d7eb..fb27b2710 100644 --- a/doc/debugging.texi +++ b/doc/debugging.texi @@ -77,6 +77,13 @@ are flagges as ephemeral, meaning that they are only temporary stored provided by @command{gpgsm} or @command{gpg}. 81 certifcates are stored in a standard way and directly available from @command{gpgsm}. +@noindent +To find duplicated certificates and keyblocks in a keybox file (this +should not occur but sometimes things go wrong), run it using + +@samp{kbxutil --find-dups ~/.gnupg/pubring.kbx} + + @@ -165,6 +172,18 @@ stored private keys because some private keys are used for Secure Shell or other purposes and don't have a corresponding certificate. +@item A root certificate does not verify + +A common problem is that the root certificate misses the required +basicConstrains attribute and thus @command{gpgsm} rejects this +certificate. An error message indicating ``no value'' is a sign for +such a certificate. You may use the @code{relax} flag in +@file{trustlist.txt} to accept the certificate anyway. Note that the +fingerprint and this flag may only be added manually to +@file{trustlist.txt}. + + + @end itemize diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 829530bd8..156fe533e 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -502,7 +502,9 @@ caller: @table @code @item relax -Relax checking of some root certificate requirements. +Relax checking of some root certificate requirements. This is for +example required if the certificate is missing the basicConstraints +attribute (despite that it is a MUST for CA certificates). @item cm If validation of a certificate finally issued by a CA with this flag set |