dirmngr fails with an error when querying api.protonmail.ch due to a OCSP error
Reported by Support | May 28th, 2021 @ 08:50 PM | in 2.2.32 (closed)
Assigned to Stable #111369. When using dirmngr to query api.protonmail.ch the call fails with the following error:
gpg: error searching keyserver: General error
gpg: keyserver search failed: General error
The debug log of the gnutls stack states that the verification of the OCSP response failed:
The certificate is NOT trusted. The received OCSP status response is invalid.
As reported by the user however the same error doesn't appear when they compiled MacGPG2 themselves.
After further debugging it turns out that the user's
self-compiled version uses libtasn1 to decode the certificate,
while our version uses the miniasn1 library included in gnutls
itself.
This is a bug in miniasn1.
(Created by Luke Le)
Comments and changes to this ticket
-
Luke Le May 28th, 2021 @ 09:38 PM
- Assigned user set to “Luke Le”
- Milestone changed from “2.2.27” to “2.2.32”
- Importance changed from “” to “Low”
-
-
steve March 30th, 2022 @ 02:06 AM
- State changed from “verified” to “released”
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Luke Le
steve
Support