On Fri, 2 Oct 2015 07:43, p...@ipom.com said:

> dirmngr[6336.0]: setting CA from file
> '/usr/local/share/ca-certificates/sks-keyservers.netCA.crt' failed: ASN1
> parser: Error in TAG.

GNUTLS does not autodetect the format of the certificate, thus GnuPG uses
the suffix as a hint on what to do:

    rc = gnutls_certificate_set_x509_trust_file
      (sess->certcred, sl->d,
       (sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
    if (rc < 0)
      log_info ("setting CA from file '%s' failed: %s\n",
                sl->d, gnutls_strerror (rc));

The flag tested above is set iff the suffix is ".pem".

> The docs say it should be in PEM format, which it is:

"man dirmngr" shows this:

    --hkp-cacert file
        Use the root certificates in file for verification of the TLS
        certificates used with hkps (keyserver access over TLS). If
        the file is in PEM format a suffix of .pem is expected for
        file. This option may be given multiple times to add more
        root certificates.

Thus I can see no bug here. The detection could be better, though. I
will track this in https://bugs.gnupg.org/gnupg/issue2119

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
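
A sketch of checking a CA file's content against the suffix rule described in the reply, added here as an example; it is not GnuPG's code and not part of the original message. The helper names, the exact case-sensitive ".pem" match, the renamed ".pem" file and the sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum cert_fmt { FMT_UNKNOWN, FMT_DER, FMT_PEM };

/* What the suffix rule quoted above selects: PEM iff the name ends in ".pem"
   (an exact, case-sensitive match is an assumption of this example). */
static enum cert_fmt fmt_from_suffix(const char *fname)
{
  size_t n = strlen(fname);
  return (n >= 4 && !strcmp(fname + n - 4, ".pem")) ? FMT_PEM : FMT_DER;
}

/* What the bytes actually look like. */
static enum cert_fmt fmt_from_content(const unsigned char *buf, size_t len)
{
  static const char armor[] = "-----BEGIN ";
  size_t i, alen = sizeof armor - 1;

  for (i = 0; i + alen <= len; i++)   /* PEM armor may follow leading text */
    if (!memcmp(buf + i, armor, alen))
      return FMT_PEM;
  /* DER: outer SEQUENCE tag 0x30 followed by a short or long-form length. */
  if (len >= 2 && buf[0] == 0x30 && (buf[1] < 0x80 || (buf[1] > 0x80 && buf[1] <= 0x84)))
    return FMT_DER;
  return FMT_UNKNOWN;
}

/* 1: suffix guess matches content; 0: mismatch, as in the report above;
   -1: content not recognised as a certificate file. */
static int suffix_matches_content(const char *fname, const unsigned char *buf, size_t len)
{
  enum cert_fmt actual = fmt_from_content(buf, len);
  if (actual == FMT_UNKNOWN)
    return -1;
  return actual == fmt_from_suffix(fname);
}

/* Constructed sample inputs, not real certificates. */
static const unsigned char sample_pem[] = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
static const unsigned char sample_der[] = { 0x30, 0x82, 0x03, 0x5a, 0x30, 0x82 };

int main(void)
{
  /* File name from the report: PEM content under a .crt suffix gives 0. */
  printf("%d\n", suffix_matches_content("sks-keyservers.netCA.crt", sample_pem, sizeof sample_pem - 1));
  /* Hypothetical renamed copy with a .pem suffix gives 1. */
  printf("%d\n", suffix_matches_content("sks-keyservers.netCA.pem", sample_pem, sizeof sample_pem - 1));
  printf("%d\n", suffix_matches_content("ca.der", sample_der, sizeof sample_der));
  return 0;
}
```

Running such a check before passing a file to --hkp-cacert reports a suffix/content mismatch up front, rather than leaving it to surface as a parser error in the dirmngr log.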