From 503f91e0aea99fe09064e29ec9df1ded1a3bd3c3 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 24 Aug 2007 09:34:39 +0000 Subject: tryu harder to ignore duplicate specified keyrings and -boxes. Documentation updates. --- doc/ChangeLog | 5 +++++ doc/debugging.texi | 19 +++++++++++++++++++ doc/gpg-agent.texi | 4 +++- 3 files changed, 27 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/ChangeLog b/doc/ChangeLog index 07c497cc7..d4ade07d9 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,8 @@ +2007-08-24 Werner Koch + + * debugging.texi (Common Problems): Add "A root certifciate does + not validate." + 2007-08-14 Werner Koch * glossary.texi (Glossary): Add a more items. diff --git a/doc/debugging.texi b/doc/debugging.texi index e1a62d7eb..fb27b2710 100644 --- a/doc/debugging.texi +++ b/doc/debugging.texi @@ -77,6 +77,13 @@ are flagges as ephemeral, meaning that they are only temporary stored provided by @command{gpgsm} or @command{gpg}. 81 certifcates are stored in a standard way and directly available from @command{gpgsm}. +@noindent +To find duplicated certificates and keyblocks in a keybox file (this +should not occur but sometimes things go wrong), run it using + +@samp{kbxutil --find-dups ~/.gnupg/pubring.kbx} + + @@ -165,6 +172,18 @@ stored private keys because some private keys are used for Secure Shell or other purposes and don't have a corresponding certificate. +@item A root certificate does not verify + +A common problem is that the root certificate misses the required +basicConstrains attribute and thus @command{gpgsm} rejects this +certificate. An error message indicating ``no value'' is a sign for +such a certificate. You may use the @code{relax} flag in +@file{trustlist.txt} to accept the certificate anyway. Note that the +fingerprint and this flag may only be added manually to +@file{trustlist.txt}. + + + @end itemize diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 829530bd8..156fe533e 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -502,7 +502,9 @@ caller: @table @code @item relax -Relax checking of some root certificate requirements. +Relax checking of some root certificate requirements. This is for +example required if the certificate is missing the basicConstraints +attribute (despite that it is a MUST for CA certificates). @item cm If validation of a certificate finally issued by a CA with this flag set -- cgit v1.2.3