On 2011.08.22. 17:31, Werner Koch wrote: > On Mon, 22 Aug 2011 15:27, y...@yyy.id.lv said: > >> This certificate does not have BasicConstraints, maybe this is a cause >> of error? > Quite likely. That is required for CA certifciates. > >> Is it possible to override check for BasicConstraints? Is it a bug? > Try adding the relax keyword to the entry in ~/.gnuypg/trustlist.txt . > That eventually fixed it. Thanks. There were some errors, along the way, though:
Trustlist.txt initially contained only hash of second certificate (with BasicConstraints). Added hash of other certificate (the one without BasicConstraints) and now on ALL certificates gpgsm -k --with-validation --disable-crl-checks produces error [certificate is bad: Line too long]. In this case, first line in trustlist.txt was for second certificate in keyring and second line was for first certificate in keyring. Swapping these lines in trustlist.txt, fixed it. So, order of certificate hashes, relative of certificate order in keyring, is critically important? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users