On Thu, Feb 23, 2023 at 04:09:31PM +0100, Werner Koch wrote: > On Thu, 23 Feb 2023 11:22, Alexander Grahn said: > > Should an ldap host answer on ping requests in general? Because the one in > > Pinging arbitrary servers does often work because too many admins tend > to block ICMP echo. An LDAP server is commonly behind some load > balancer and thus a ping won't help you anyway. > > > question, ldap.dgnservice.de, remains silent. I tried with other hosts > > picked > > Works for me. > > $ dirmngr --debug network --fetch-crl > 'ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint' > > dirmngr[27784.0]: dirmngr_ldap[27786]: found attribute > 'certificateRevocationList;binary' > dirmngr[27784.0]: update times of this CRL: this=20230222T230000 > next=20230324T230000 > dirmngr[27784.0]: locating CRL issuer certificate by authorityKeyIdentifier > dirmngr[27784.0]: DBG: find_cert_bysubject: certificate not in cache > dirmngr[27784.0]: DBG: get_cert_local_ski called w/o context > > Thus it could read the CRL (see the update times) but for verification a > certificate is missing. That is a problem with the fetch-crl command of > dirmngr. I will closer at the problem and thus I need to improve the > error reporting.
Thank your for your reply. Does it mean that the problem is to be solved on the GnuPG end? Alexander _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
