--search-keys: "gpg: error searching keyserver: No inquire callback in IPC"
Werner Koch
wk at gnupg.org
Sat Jul 31 17:40:10 CEST 2021
On Thu, 29 Jul 2021 18:36, Andrew Gallagher said:
> If you built gnupg from its default configuration, it does not
> automatically look in /etc/ssl/certs for CA certificates. You may want
On Unix and unless gnupg was build with --with-default-trust-store-file
the following collections of certificates are used for TLS:
{ "/etc/ssl/ca-bundle.pem" },
{ "/etc/ssl/certs/ca-certificates.crt" },
{ "/etc/pki/tls/cert.pem" },
{ "/usr/local/share/certs/ca-root-nss.crt" },
{ "/etc/ssl/cert.pem" }
> to add a soft link from /etc/gnupg/trusted-certs to /etc/ssl/certs so
> that dirmngr looks in the Mozilla certificate library.
Not a too good idea becuase these certificates are used for a different
purpose.
FWIW, here is the list of internal certificate classes used:
CERTTRUST_CLASS_SYSTEM = 1, /* From the system's list of trusted certs. */
CERTTRUST_CLASS_CONFIG = 2, /* From dirmngr's config files. */
CERTTRUST_CLASS_HKP = 4, /* From --hkp-cacert */
CERTTRUST_CLASS_HKPSPOOL= 8, /* The one and only from sks-keyservers */
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210731/619dab4b/attachment.sig>
More information about the Gnupg-users
mailing list