thanks for new version 3.1.1 of gpg4win. I noticed improvements as follows:
1.) Comodo CA is supported, client certs are valid.
2.) Automated sending for SMIME seems to work now. I will test it again.
But there is still a problem with CAcert: CA Cert Signing Authority is valid in Kleopatra, but not the CAcert Class 3 Root cert.
Will you fix it?
To be honest I’m not sure. The validation fails with “No CRL Known”
Looking at this certificate it does not have a CRL distribution point, but an OCSP URL.
I think with no CRL Distribution Point it should accept the cert and not fail with “No CRL Known”. I’ll ask the maintainer of that about it.
As a workaround, If I enable OSCP Checks as described in: https://forum.gnupg.org/t/validation-ocsp/3302
The certificate validates for me.
the default in PKIX probably is that a cert will not be accepted if there is
no revocation information. If the cert is missing a CRL distribution point,
that maybe a problem of the cert.
But I can create self signed certificates without a CRL and make them valid by adding them to the trustlist.txt
And I think that CRL’s are optional so we might have an issue here.