[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

--- Comment #10 from Guido Winkelmann ---
(In reply to Guido Winkelmann from comment #9)
> As of 2022-03-23, the bug is still present in the released version 21.08.3,
> but does appear to be fixed in the newest git version.

Does anybody happen to know which commit fixed it, and whether it was in kleopatra itself or in libkleo?

--
You are receiving this mail because:
You are watching all bug changes.
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

--- Comment #9 from Guido Winkelmann ---
As of 2022-03-23, the bug is still present in the released version 21.08.3, but does appear to be fixed in the newest git version.
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

Arnold Seiler changed:

What | Removed | Added
CC   |         | arnold338250...@web.de

--- Comment #8 from Arnold Seiler ---
User certificates from KIT seem to suffer from this bug as well. They are cross signed by an old chain with root-CA "Deutsche Telekom Root CA 2" and a new one with root-CA "T-TeleSec GlobalRoot Class 2".

User certificates are available here (this is mine):
https://search.ca.kit.edu/pubdownload/pem/10311245368690295726648917385

Installing the new root-CA by hand from
https://pki.pca.dfn.de/kit-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=2_ID=0
seems to enforce the new chain and solve the invalid old root. Nevertheless the valid path should be found without manual intervention.
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

--- Comment #7 from Andre Heinecke ---
No it's a bug in GpgSM / Kleopatra. This special certificate is not handled by GpgSM correctly and Kleopatra can't cope with it. I'm not sure if this is only an upstream bug without further analysis. At least Kleopatra should handle this. I'll try to look at it soon.
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

Denis Kurz changed:

What | Removed | Added
CC   |         | kde...@posteo.de

--- Comment #6 from Denis Kurz ---
You might want to consider if this was caused by a Qt bug that was resolved fixed in 5.8, as described in Bug 361895, Comment 1.
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

Andre Heinecke changed:

What           | Removed     | Added
Ever confirmed | 0           | 1
Status         | UNCONFIRMED | CONFIRMED

--- Comment #5 from Andre Heinecke ---
Thank you very much. I can reproduce the problem with this certificate and I agree about the likely cause. But there is also an underlying problem in GpgSM. It does not handle the certificate well either. When importing it I got warnings about "Certificate chain too long" and while gpgsm -k looks ok if you do a "gpgsm -k --with-validation" causing it to check the certificate chain it takes a while and then shows:

[checking the CRL failed: Bad certificate chain]
[certificate is bad: Bad certificate chain]
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

--- Comment #4 from Guido Winkelmann ---
Created attachment 104098
  --> https://bugs.kde.org/attachment.cgi?id=104098=edit
The pem file that caused the crash after it was imported
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

--- Comment #3 from Guido Winkelmann ---
I just had another look into the PEM file I imported, and I noticed something that could potentially, without having actually looked at the code, explain the out of control recursion: The Comodo CA certificate is signed by AddTrust External CA Root, which itself is cross signed by UTN - DATACorp SGC, meaning UTN - DATACorp SGC is itself again signed by AddTrust.

This cross-signing thing is a fairly obscure feature of X.509 certificates that, until recently, was very rarely seen in the wild. If a programmer is not aware of this possibility, and didn't think to check X.509 trust paths for loops or at least limit the length of supported trust chains, then trying to build a trust path for a certificate with such a cross-signed CA in there somewhere will usually lead to endless recursion.
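
The loop described in comment #3, as an added example that is not part of the original thread and is not Kleopatra or GpgSM code: a path builder that remembers the certificates already on the current path and caps the chain length, so a cross-signing cycle is abandoned and another issuer candidate is tried. Certificates are matched by name only, the store is constructed sample data, and `kMaxDepth`, `buildPath`, `sampleStore` and `chainFor` are hypothetical names.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Simplified certificate: a real builder also checks key ids and signatures.
struct Cert {
    std::string subject, issuer;
    bool selfSigned() const { return subject == issuer; }
};
using Store = std::multimap<std::string, Cert>;  // subject -> certificates
using PathSet = std::set<std::pair<std::string, std::string>>;
constexpr std::size_t kMaxDepth = 8;  // hypothetical chain-length limit

// Depth-first search for a path ending in a self-signed certificate.
// 'onPath' holds the certificates already used, so a cycle is cut short.
bool buildPath(const Store &store, const Cert &cert, PathSet &onPath,
               std::vector<Cert> &path) {
    const auto key = std::make_pair(cert.subject, cert.issuer);
    if (path.size() >= kMaxDepth) return false;    // chain too long
    if (!onPath.insert(key).second) return false;  // loop: already on path
    path.push_back(cert);
    if (cert.selfSigned()) return true;            // reached a root
    const auto range = store.equal_range(cert.issuer);
    for (auto it = range.first; it != range.second; ++it)
        if (buildPath(store, it->second, onPath, path)) return true;
    path.pop_back();                               // backtrack
    onPath.erase(key);
    return false;
}

// Constructed store mirroring the chain described in comment #3.
Store sampleStore(bool withSelfSignedRoot) {
    Store s;
    auto add = [&s](const char *sub, const char *iss) {
        s.emplace(sub, Cert{sub, iss});
    };
    add("COMODO CA", "AddTrust External CA Root");
    add("AddTrust External CA Root", "UTN - DATACorp SGC");  // cross-certificate
    add("UTN - DATACorp SGC", "AddTrust External CA Root");
    if (withSelfSignedRoot)
        add("AddTrust External CA Root", "AddTrust External CA Root");
    return s;
}

// Returns the chain found for 'leaf', or an empty vector if none exists.
std::vector<Cert> chainFor(const Cert &leaf, bool withSelfSignedRoot) {
    const Store store = sampleStore(withSelfSignedRoot);
    PathSet onPath;
    std::vector<Cert> path;
    buildPath(store, leaf, onPath, path);
    return path;
}
```

With only the two cross-certificates in the store the search terminates with an empty result instead of recursing until the stack overflows; once a self-signed root is also present, the same search returns a chain that ends in it.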
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

--- Comment #2 from Guido Winkelmann ---
gpgsm -k looks like it's working fine here and doesn't show anything that looks fishy to me.
[kleopatra] [Bug 376563] Kleopatra crashes with segmentation fault on startup after importing PEM file
https://bugs.kde.org/show_bug.cgi?id=376563

--- Comment #1 from Andre Heinecke ---
Thank you for your detailed report. I've had a brief look at the code and don't see an obvious recursion possibility. As you write that this happens after importing a specific certificate could you attach that certificate here or send it to aheine...@intevation.de

Additionally it would be great if you could check with "gpgsm -k" if the output looks fishy already. (e.g. one certificate is repeated a lot)