Failure to publish key when using hkps: CAfile: none
I extended the expiration date on george's ssh:// key, as it is about to expire in a couple days. I then went to publish the key, but it fails to publish to the configured hkps keyserver, as set in /etc/monkeysphere/monkeysphere-host.conf:
    # OpenPGP keyserver
    KEYSERVER=hkps://zimmermann.mayfirst.org
It fails because there is no CAfile configured in the gnupg.conf:
    0 george:/etc/monkeysphere# MONKEYSPHERE_LOG_LEVEL=DEBUG monkeysphere-host publish-key
    Really publish key 'CCAB23AD837EA3D2948CFA877353A74E3B757F8C' to hkps://zimmermann.mayfirst.org? (Y/n) y
    gpg: sending key 3B757F8C to hkps server zimmermann.mayfirst.org
    gpgkeys: HTTP post error 60: server certificate verification failed. CAfile: none
    gpg: keyserver internal error
    gpg: keyserver send failed: keyserver error
    2 george:/etc/monkeysphere#
Where can that CAfile be configured? According to the george changelog:
    2010-03-31 - dkg
      * put MFPL CA certificate in /usr/share/ca-certificates/mfpl.crt, and pointed /etc/monkeysphere/monkeysphere-authentication-x509-anchors.crt to it to enable easy switch to hkps the future.
but I don't see how that is hooked into the gpg that monkeysphere-host invokes.
(from redmine: created on 2010-05-06, closed on 2010-05-06, relates #2289 (closed))