From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-209074-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 66533 invoked by alias); 16 Jul 2017 01:24:54 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 66505 invoked by uid 89); 16 Jul 2017 01:24:51 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=H*UA:en-US, H*u:en-US, H*u:5.1, UD:mit.edu
X-HELO: blaine.gmane.org
Received: from Unknown (HELO blaine.gmane.org) (195.159.176.226) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 16 Jul 2017 01:24:50 +0000
Received: from list by blaine.gmane.org with local (Exim 4.84_2)	(envelope-from <goc-cygwin@m.gmane.org>)	id 1dWYIU-0004AN-Vu	for cygwin@cygwin.com; Sun, 16 Jul 2017 03:24:34 +0200
To: cygwin@cygwin.com
From: =?UTF-8?Q?Ren=c3=a9_Berber?= <rene.berber@gmail.com>
Subject: Re: gpg ca-cert-file=[which file???]
Date: Sun, 16 Jul 2017 04:56:00 -0000
Message-ID: <okef84$e7f$1@blaine.gmane.org>
References: <CAD8GWsvT9rgHz+vcdBmX-opfckZS8g06_Px57JCNG_xCT_ku6A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081209 Lightning/0.9 Thunderbird/2.0.0.19 Mnenhy/0.7.6.0
In-Reply-To: <CAD8GWsvT9rgHz+vcdBmX-opfckZS8g06_Px57JCNG_xCT_ku6A@mail.gmail.com>
X-IsSubscribed: yes
X-SW-Source: 2017-07/txt/msg00243.txt.bz2

On 7/15/2017 1:40 PM, Lee wrote:

[snip]
> in my ~/.gnupg/gpg.conf so I can do auto-key-retrieve securely ... or
> at least over an encrypted channel.  But what file should I be using
> as the ca-cert file?

You should be using the "system" files.

On Cygwin that means installing the ca-certificates package (currently
version 2.14-1).  They are installed in a location where the SSL package
expects them, you don't have to go look for them, and shouldn't need to
specify its location (a directory) on your gpg.conf

[snip]
> $ grep "^keyserver" ~/.gnupg/gpg.conf
> keyserver hkps://pgp.mit.edu/
> keyserver-options check-cert=on
> keyserver-options ca-cert-file=/etc/pki/tls/cert.pem

Wrong cert actually, I don't know why you say it worked.

The cert that should have matched is the one used by the key server, not
by you.
-- 
R. Berber


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple