On Wed, Jul 01, 2026 at 10:36:11AM +0200, Robert Jäschke via Mutt-users wrote:
I am using gpgme (set crypt_use_gpgme) to encrypt and sign mails using s/mime. Several (own and others') certificates have been expired and are still in gpg's database. I do not want to remove them, since I can still use them to validate/decrypt old mails. Still, I find it confusing (if not to say annoying), to get these expired certificates presented whenever I want to send an encrypted mail, e.g.:
I'm sorry to say the news is not great. The mutt GPGME code was written quite a while ago. It looks like, at that time, the concept of expired was not included in the s/mime code when querying keys.
It looks quite deliberate, because the query code is shared with PGP but has those parts only enabled for the PGP backend. So perhaps at that time the GPGME library didn't have support for that information.
I'm not sure if it does now. I'll check with Werner and see if there are updates.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
