https://bugs.kde.org/show_bug.cgi?id=409720
Bug ID: 409720 Summary: CA update not workong Product: kleopatra Version: unspecified Platform: Debian stable OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: general Assignee: aheine...@gnupg.org Reporter: wannes...@googlemail.com CC: kdepim-b...@kde.org, m...@kde.org Target Milestone: --- SUMMARY If you have a old outdated CA-Certificate and a newer one kleopatra validates against the old one and thinks the certificates signed by it aren't trustworthy. This is especially annoying since you even can't remove the old CA since removing a CA will result in removing all certificates singed by it. So please make an easy CA replacement possible. STEPS TO REPRODUCE 1. Import a CA-certificate (A) with an near in the future laying enddate 2. Import a longer valid certificate (B) that is signed by this CA. 3. Import a longer valid CA-certificate (C) for the same CA. 4. Wait until the first CA-certificate (A) runs out. OBSERVED RESULT The certificate (B) is no longer trusted also there is a path to a existing, trusted CA (C). EXPECTED RESULT Kleopatra should validate against the still trusted CA. -- You are receiving this mail because: You are watching all bug changes.