[Kde-pim] S/MIME validation in kmail
Nick Shaforostoff
shaforostoff at gmail.com
Sun Dec 7 11:19:27 GMT 2008
2008/12/7 Ingo Klöcker <kloecker at kde.org>:
> On Sunday 07 December 2008, Nick Shaforostoff wrote:
>> Hi.
>>
>> Please tell me what's the relationship of underlined items:
>> http://youonlylivetwice.info/kmail-crl.png
>
> Those two items (and all other items of the S/MIME Validation
> configuration) correspond directly to configuration options of gpgsm
> (which is used by KMail for handling all things related to S/MIME):
>
> The two choices "Validate certificates using CRLs" and "Validate
> certificates online (OCSP)" correspond to gpgsm's
> option --enable-ocsp/--disable-ocsp. Quoting from [1]:
>
> Be default OCSP checks are disabled. The enable option may be used to
> enable OCSP checks via Dirmngr. If CRL checks are also enabled, CRLs
> will be used as a fallback if for some reason an OCSP request won't
> succeed. Note, that you have to allow OCSP requests in Dirmngr's
> configuration too (option --allow-ocsp and configure dirmngr properly.
> If you don't do so you will get the error code `Not supported'.
>
>
> The option "Never consult a CRL" corresponds to gpgsm's
> option --enable-crl-checks/--disable-crl-checks. Quoting from [1]:
>
> By default the CRL checks are enabled and the DirMngr is used to check
> for revoked certificates. The disable option is most useful with an
> off-line network connection to suppress this check.
then it makes sense to move this option closer to OSCP one, and
autodisable it when 'Validate certificates using CRLs' is checked:
http://youonlylivetwice.info/kmail-crl-after.png
ok for me to commit?
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list