On Thu, 29 Jul 2021 18:36, Andrew Gallagher said:

> If you built gnupg from its default configuration, it does not
> automatically look in /etc/ssl/certs for CA certificates. You may want

On Unix and unless gnupg was built with --with-default-trust-store-file
the following collections of certificates are used for TLS:

    { "/etc/ssl/ca-bundle.pem" },
    { "/etc/ssl/certs/ca-certificates.crt" },
    { "/etc/pki/tls/cert.pem" },
    { "/usr/local/share/certs/ca-root-nss.crt" },
    { "/etc/ssl/cert.pem" }

> to add a soft link from /etc/gnupg/trusted-certs to /etc/ssl/certs so
> that dirmngr looks in the Mozilla certificate library.

Not too good an idea because these certificates are used for a different
purpose.

FWIW, here is the list of internal certificate classes used:

    CERTTRUST_CLASS_SYSTEM  = 1, /* From the system's list of trusted certs. */
    CERTTRUST_CLASS_CONFIG  = 2, /* From dirmngr's config files. */
    CERTTRUST_CLASS_HKP     = 4, /* From --hkp-cacert */
    CERTTRUST_CLASS_HKPSPOOL= 8, /* The one and only from sks-keyservers */

Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
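
A read-only check for the paths discussed in this message, added here as an example and not part of the original e-mail or of GnuPG: it reports which of the listed CA bundle files exist on a host and whether /etc/gnupg/trusted-certs is a symlink, as the quoted suggestion would make it. The function names and the optional ROOT prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not GnuPG code): read-only audit of the paths named above.
# ROOT is a hypothetical prefix for inspecting a chroot or mounted image.

CA_BUNDLES="/etc/ssl/ca-bundle.pem
/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/cert.pem
/usr/local/share/certs/ca-root-nss.crt
/etc/ssl/cert.pem"

# count_pem_certs FILE: print the number of PEM certificate blocks in FILE.
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# audit_ca_bundles [ROOT]: print "<status> <cert count or -> <path>" per path.
audit_ca_bundles() {
    root="${1:-}"
    printf '%s\n' "$CA_BUNDLES" | while IFS= read -r path; do
        file="$root$path"
        if [ -L "$file" ] && [ ! -e "$file" ]; then
            printf 'dangling - %s\n' "$path"
        elif [ ! -e "$file" ]; then
            printf 'absent - %s\n' "$path"
        elif [ -r "$file" ]; then
            printf 'present %s %s\n' "$(count_pem_certs "$file")" "$path"
        else
            printf 'unreadable - %s\n' "$path"
        fi
    done
}

# trusted_certs_status [ROOT]: report whether dirmngr's trusted-certs
# directory is a real directory or a symlink (and where it points).
trusted_certs_status() {
    dir="${1:-}/etc/gnupg/trusted-certs"
    if [ -L "$dir" ]; then
        printf 'symlink:%s\n' "$(readlink "$dir")"
    elif [ -d "$dir" ]; then
        printf 'directory\n'
    else
        printf 'absent\n'
    fi
}

audit_ca_bundles "${ROOT:-}"
trusted_certs_status "${ROOT:-}"
```

A `symlink:/etc/ssl/certs` result means the system CA set has been placed where dirmngr expects its own configured certificates.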
