Bug#842291: notmuch processes frequently stuck in select()
David Bremner
david at tethera.net
Wed Nov 23 14:57:38 PST 2016
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
>
> 0) turn off CRL updates entirely during s/mime signature verification
>
> 1) do s/mime signature verification without CRL updates, but schedule
> CRL checks to happen in the background for dirmngr, so that future
> verifications will reflect the cert validity
>
> 2) have dirmngr avoid checking CRLs that it knows it has already
> updated recently
>
> 3) tell dirmngr to use much shorter CRL fetch timeouts
>
>
> Any thoughts on the best way to pursue this?
>
> --dkg
Maybe the issue is in gmime's usage of gpgme. If I understand correctly
(which is far from a sure thing), pkcs7_verify calls gpgme_op_verify
which is synchronous, and (apparently) does not support timeouts. An
alternate strategy would be to call gpgme_op_verify_start, and then call
gpgme_wait, which has a nonblocking mode. I don't really understand the
S/MIME model, but naively it seems OK for signature verification to fail
if the CRL check doesn't finish quickly.
d
More information about the notmuch
mailing list