#758 ✓released

dirmngr fails with an error when querying api.protonmail.ch due to an OCSP error

Reported by Support | May 28th, 2021 @ 08:50 PM | in 2.2.32 (closed)

Assigned to Stable #111369. When using dirmngr to query api.protonmail.ch, the call fails with the following error:

gpg: error searching keyserver: General error
gpg: keyserver search failed: General error

The debug log of the gnutls stack states that the verification of the OCSP response failed:

The certificate is NOT trusted. The received OCSP status response is invalid.

As reported by the user, however, the same error doesn't appear when they compiled MacGPG2 themselves.

After further debugging, it turns out that the user's self-compiled version uses libtasn1 to decode the certificate, while our version uses the miniasn1 library included in gnutls itself.
This is a bug in miniasn1.

(Created by Luke Le)
