Re: [PATCH 15/15] tests: disable CRL checks from gpgsm

Subject: Re: [PATCH 15/15] tests: disable CRL checks from gpgsm

Date: Wed, 29 Apr 2020 23:12:33 +0300

To: Daniel Kahn Gillmor, Notmuch Mail


From: Tomi Ollila

On Tue, Apr 28 2020, Daniel Kahn Gillmor wrote:

> GPGME has a strange failure mode when it is in offline mode, and/or
> when certificates don't have any CRLs: in particular, it refuses to
> accept the validity of any certificate other than a "root" cert.
> This can be worked around by setting the `disable-crl-checks`
> configuration variable for gpgsm.
> I've reported this to the GPGME upstream at
>, but I have no idea how it will be
> resolved.  In the meantime, we'll just work around it.
> Note that this fixes the test for verification of
> id:smime-multipart-signed@protected-headers.example, because
> multipart/signed messages are already handled correctly (one-part
> PKCS#7 messages will get fixed later).
> Signed-off-by: Daniel Kahn Gillmor <>

Rest of the series look tolerable to me. That one missing 
"inconsistent quotes" is inconsistent with added quotes
in one of the changes in previous email (which just did that)

Otherwise OK (provided that tests pass)
(except that
if not found (by me either, like David)

notmuch mailing list