409720 – CA update not workong

Bug 409720 - CA update not workong

Summary: CA update not workong

Status:	REPORTED

Alias:	None

Product:	kleopatra
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Debian stable Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Andre Heinecke

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-07-11 14:55 UTC by wannespam
Modified:	2019-07-11 14:55 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description wannespam 2019-07-11 14:55:45 UTC

SUMMARY
If you have a old outdated CA-Certificate and a newer one kleopatra validates against the old one and thinks the certificates signed by it aren't trustworthy.
This is especially annoying since you even can't remove the old CA since removing a CA will result in removing all certificates singed by it.
So please make an easy CA replacement possible.


STEPS TO REPRODUCE
1. Import a CA-certificate (A) with an near in the future laying enddate 
2. Import a longer valid certificate (B) that is signed by this CA.
3. Import a longer valid CA-certificate (C) for the same CA.
4. Wait until the first CA-certificate (A) runs out. 

OBSERVED RESULT
The certificate (B) is no longer trusted also there is a path to a existing, trusted CA (C).

EXPECTED RESULT
Kleopatra should validate against the still trusted CA.