| Summary: | Can not trust CAcert Class 3 Root certificate | ||
|---|---|---|---|
| Product: | [Applications] kleopatra | Reporter: | grueffelokatze |
| Component: | general | Assignee: | kdepim bugs <pim-bugs-null> |
| Status: | RESOLVED NOT A BUG | ||
| Severity: | major | CC: | emanuel, mutz |
| Priority: | NOR | ||
| Version First Reported In: | 2.1.1 | ||
| Target Milestone: | --- | ||
| Platform: | openSUSE | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
Please try: enable Kleopatra/GnuPG option "allow mark trusted" and import root certificate. Click "yes" to mark certificate as trusted. |
I was trying to use a class 3 certificate to sign my emails (using KMail). with the class 1 certificate it works fine, but not using class 3 certificate. When selecting the sertificates in KMail, the class1 certificate is marked with a green check sign, but the class 3 certificate is marked with a red cross. I think that should be related to the trust setting in kleopatra. Here is the whole storry: I have imported the CAcert (www.cacert.org) root certificates class 1 and class 3. Beside that, I also imported my personal CAcert certifactes signed by the class 1 and the class3 CAcert certificates. So in Kleoparta it looks like this: - CA Cert Signing Autohority - A - - <MyPersonalCertificate signed by the class 1> - B - - CAcert Class 3 Root -C - - <MyPersonalCertificate signed by the class 3> - D - Kleopatra shows me (using customized colors for certificate categories), that: -A- is a trusted root certificate -B- does not fit to the categories (Black bold text, as in default settings) -C- category other keys (non-bold black text) -D- Same as -B- Using the right mouse button, I can trust and not trust the certificate -A-. The coloring changes in relation to my selection, but this never changes coloring of the sub-certificates. I can not change my trust in certificate -C-. I already added the fingerprints of the CAcert class 1 and class 3 certificate to gnupgp trustlist.txt. But still I can not change the trust on class 3 certificate. Maybe this is not possible, because it's listed as a sub-certificate of the class 1 certificate? Anyhow, KMail only works using the class 1 certificate to sign my emails. Reproducible: Always Steps to Reproduce: 1. Import the class 1 and class 3 certificate of www.cacert.org 2. Try to change the trust of class 3 CAcert root certificate 3. Actual Results: Can change my trust in the class 1 certificate. Can not change my trust in the class 3 certificate. Expected Results: Can change my trust in the class 1 certificate. Can change my trust in the class 3 certificate.