[kleopatra] [Bug 409720] New: CA update not workong

Thu Jul 11 15:55:45 BST 2019

https://bugs.kde.org/show_bug.cgi?id=409720

            Bug ID: 409720
           Summary: CA update not workong
           Product: kleopatra
           Version: unspecified
          Platform: Debian stable
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: aheinecke at gnupg.org
          Reporter: wannespam at googlemail.com
                CC: kdepim-bugs at kde.org, mutz at kde.org
  Target Milestone: ---

SUMMARY
If you have a old outdated CA-Certificate and a newer one kleopatra validates
against the old one and thinks the certificates signed by it aren't
trustworthy.
This is especially annoying since you even can't remove the old CA since
removing a CA will result in removing all certificates singed by it.
So please make an easy CA replacement possible.

STEPS TO REPRODUCE
1. Import a CA-certificate (A) with an near in the future laying enddate 
2. Import a longer valid certificate (B) that is signed by this CA.
3. Import a longer valid CA-certificate (C) for the same CA.
4. Wait until the first CA-certificate (A) runs out. 

OBSERVED RESULT
The certificate (B) is no longer trusted also there is a path to a existing,
trusted CA (C).

EXPECTED RESULT
Kleopatra should validate against the still trusted CA.

-- 
You are receiving this mail because:
You are on the CC list for the bug.