On Thu, 23 Feb 2023 11:22, Alexander Grahn said:
> Should an ldap host answer on ping requests in general? Because the one in

Pinging arbitrary servers does often work because too many admins tend
to block ICMP echo.  An LDAP server is commonly behind some load
balancer and thus a ping won't help you anyway.

> question, ldap.dgnservice.de, remains silent. I tried with other hosts picked

Works for me.

$ dirmngr --debug network --fetch-crl 'ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint'

dirmngr[27784.0]: dirmngr_ldap[27786]: found attribute 'certificateRevocationList;binary'
dirmngr[27784.0]: update times of this CRL: this=20230222T230000 next=20230324T230000
dirmngr[27784.0]: locating CRL issuer certificate by authorityKeyIdentifier
dirmngr[27784.0]: DBG: find_cert_bysubject: certificate not in cache
dirmngr[27784.0]: DBG: get_cert_local_ski called w/o context

Thus it could read the CRL (see the update times) but for verification a
certificate is missing.  That is a problem with the fetch-crl command of
dirmngr.  I will look closer at the problem and thus I need to improve the
error reporting.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
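
The following is an added example, not part of the original message and not GnuPG code. It splits the CRL distribution point URL from the dirmngr command above into its RFC 4516 fields and checks the LDAP service with a TCP connect instead of ICMP echo. The function names are hypothetical, and the host is assumed to be a hostname or IPv4 address (no bracketed IPv6 literal).

```python
import socket
from urllib.parse import unquote

# The CRL distribution point URL from the dirmngr command in the message.
CRL_URL = ("ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,C=DE"
           "?certificateRevocationList?base?objectClass=cRLDistributionPoint")

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL: scheme://host:port/dn?attrs?scope?filter"""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("not an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    # Split on the literal '?' delimiters first and percent-decode afterwards,
    # so an encoded %3F inside the DN or filter is not taken for a delimiter.
    fields = tail.split("?")
    if len(fields) > 5:
        raise ValueError("too many '?' fields")
    fields += [""] * (5 - len(fields))  # dn, attrs, scope, filter, extensions
    host, colon, port = hostport.rpartition(":")
    if not colon:  # no explicit port in the URL
        host, port = hostport, ""
    scope = fields[2].lower() or "base"  # RFC 4516 default scope
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope: " + scope)
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "dn": unquote(fields[0]),
        "attributes": [unquote(a) for a in fields[1].split(",") if a],
        "scope": scope,
        "filter": unquote(fields[3]) or "(objectClass=*)",
    }


def tcp_reachable(host, port, timeout=5.0):
    """TCP connect to the LDAP port: tests the service itself, not ICMP echo."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    info = parse_ldap_url(CRL_URL)
    print(info)
    print("TCP reachable:", tcp_reachable(info["host"], info["port"]))
```

A successful connect only shows that something accepts connections on the port; whether the CRL can be read and verified is still decided by the dirmngr run shown in the message.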
