Bug#842291: notmuch processes frequently stuck in select()

David Bremner david at tethera.net
Wed Nov 23 14:57:38 PST 2016


Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
>
>  0) turn off CRL updates entirely during s/mime signature verification
>
>  1) do s/mime signature verification without CRL updates, but schedule
>     CRL checks to happen in the background for dirmngr, so that future
>     verifications will reflect the cert validity
>
>  2) have dirmngr avoid checking CRLs that it knows it has already
>     updated recently
>
>  3) tell dirmngr to use much shorter CRL fetch timeouts
>

>
> Any thoughts on the best way to pursue this?
>
>     --dkg

Maybe the issue is in gmime's usage of gpgme. If I understand correctly
(which is far from a sure thing), pkcs7_verify calls gpgme_op_verify
which is synchronous, and (apparently) does not support timeouts. An
alternate strategy would be to call gpgme_op_verify_start, and then call
gpgme_wait, which has a nonblocking mode. I don't really understand the
S/MIME model, but naively it seems OK for signature verification to fail
if the CRL check doesn't finish quickly.

d


More information about the notmuch mailing list