311725 – Can not trust CAcert Class 3 Root certificate

Bug 311725 - Can not trust CAcert Class 3 Root certificate

Summary: Can not trust CAcert Class 3 Root certificate

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	kleopatra
Classification:	Applications
Component:	general (show other bugs)
Version:	2.1.1
Platform:	openSUSE Linux

Importance:	NOR major
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-12-15 10:43 UTC by grueffelokatze
Modified:	2013-05-08 15:21 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description grueffelokatze 2012-12-15 10:43:24 UTC

I was trying to use a class 3 certificate to sign my emails (using KMail). with the class 1 certificate it works fine, but not using class 3 certificate. When selecting the sertificates in KMail, the class1 certificate is marked with a green check sign, but the class 3 certificate is marked with a red cross. I think that should be related to the trust setting in kleopatra.

Here is the whole storry:
I have imported the CAcert (www.cacert.org) root certificates class 1 and class 3. Beside that, I also imported my personal CAcert certifactes signed by the class 1 and the class3 CAcert certificates.
So in Kleoparta it looks like this:
 - CA Cert Signing Autohority        - A -
   - <MyPersonalCertificate signed by the class 1>     - B -
   - CAcert Class 3 Root      -C -
      - <MyPersonalCertificate signed by the class 3>      - D -
Kleopatra shows me (using customized colors for certificate categories), that:
  -A- is a trusted root certificate
  -B- does not fit to the categories (Black bold text, as in default settings)
  -C- category other keys (non-bold black text)
  -D- Same as -B-
Using the right mouse button, I can trust and not trust the certificate -A-. The coloring changes in relation to my selection, but this never changes coloring of the sub-certificates.
I can not change my trust in certificate -C-. I already added the fingerprints of the CAcert class 1 and class 3 certificate to gnupgp trustlist.txt. But still I can not change the trust on class 3 certificate. Maybe this is not possible, because it's listed as a sub-certificate of the class 1 certificate?
Anyhow, KMail only works using the class 1 certificate to sign my emails.


Reproducible: Always

Steps to Reproduce:
1. Import the class 1 and class 3 certificate  of www.cacert.org
2. Try to change the trust of class 3 CAcert root certificate
3.
Actual Results:  
Can change my trust in the class 1 certificate.
Can not change my trust in the class 3 certificate.

Expected Results:  
Can change my trust in the class 1 certificate.
Can change my trust in the class 3 certificate.

Comment 1 Emanuel Schütze 2013-05-08 15:21:29 UTC

Please try: enable Kleopatra/GnuPG option "allow mark trusted" and import root certificate. Click "yes" to mark certificate as trusted.