https://bugs.kde.org/show_bug.cgi?id=409720
Bug ID: 409720
Summary: CA update not workong
Product: kleopatra
Version: unspecified
Platform: Debian stable
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: aheine...@gnupg.org
Reporter: wannes...@googlemail.com
CC: kdepim-b...@kde.org, m...@kde.org
Target Milestone: ---
SUMMARY
If you have a old outdated CA-Certificate and a newer one kleopatra validates
against the old one and thinks the certificates signed by it aren't
trustworthy.
This is especially annoying since you even can't remove the old CA since
removing a CA will result in removing all certificates singed by it.
So please make an easy CA replacement possible.
STEPS TO REPRODUCE
1. Import a CA-certificate (A) with an near in the future laying enddate
2. Import a longer valid certificate (B) that is signed by this CA.
3. Import a longer valid CA-certificate (C) for the same CA.
4. Wait until the first CA-certificate (A) runs out.
OBSERVED RESULT
The certificate (B) is no longer trusted also there is a path to a existing,
trusted CA (C).
EXPECTED RESULT
Kleopatra should validate against the still trusted CA.
--
You are receiving this mail because:
You are watching all bug changes.
