how to authenticate an ldaps keyserver lookup

'David Shaw' dshaw at jabberwocky.com
Thu Jun 15 14:03:23 CEST 2006


On Thu, Jun 15, 2006 at 07:14:57AM +0200, Ralf Hauser wrote:
> David,
> 
> Thanks - your hint on v1.4.3 solved the bind problem.
> 
> > Furthermore, when trying to do that with apache's ldap server, it did
> > not like the SSL it got from my gpg
> > (http://issues.apache.org/jira/browse/DIR-185).
> > 
> > Try adding "keyserver-options debug=1" and running it again to get
> > some idea what GPG is seeing.
> Since I didn't find a 1.4.3 version for Linux or Windows with TLS support enabled, I am doing my other experiments with the Cygwin 1.4.2 version (without the bind).
> 
> The "unknown_ca" error (reported in the above issue tracker 185) I saw on the server (directory.apache.org) side apparently was issued by the gpg client.
> 
> For other LDAP clients such as EQ or command-line ldapsearch, we solved that by creating a ~/.ldaprc file and either adding the server key with
>    TLS_CACERT /path/to/cacert.pem

   keyserver-options ca-cert-file=/path/to/cacert.pem

> or reducing the protection by adding
>    TLS_REQCERT never

   keyserver-options no-check-cert

Again, though, these are 1.4.3 features.  They won't work on your
1.4.2.

David
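
An added example, not part of the original message and not GnuPG code: a shell check that scans a gpg.conf for the two keyserver-options named above, flagging no-check-cert and a ca-cert-file that cannot be read. The function name audit_gpg_conf, the host keys.example.org and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a gpg.conf for the keyserver-options from this thread.
# Returns 1 if certificate checking is disabled or the CA file is unreadable.
audit_gpg_conf() {
    conf=$1 rc=0 ca=
    # One option per line. gpg.conf comment lines start with '#', so their
    # first field never equals "keyserver-options". Options on one line may
    # be separated by spaces or commas (paths with spaces are not handled).
    opts=$(awk '$1 == "keyserver-options" {
                    gsub(/,/, " ")
                    for (i = 2; i <= NF; i++) print $i
                }' "$conf")
    while IFS= read -r o; do
        case $o in
            no-check-cert)
                echo "WEAK: no-check-cert turns off server certificate checks"
                rc=1 ;;
            ca-cert-file=*)
                ca=${o#ca-cert-file=} ;;   # this script keeps the last one seen
        esac
    done <<EOF
$opts
EOF
    if [ -z "$ca" ]; then
        echo "INFO: no ca-cert-file configured"
    elif [ ! -r "$ca" ]; then
        echo "BROKEN: ca-cert-file $ca is missing or unreadable"
        rc=1
    else
        echo "OK: ca-cert-file $ca"
    fi
    return $rc
}

# Constructed sample configs (not taken from the thread).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
: > "$tmp/cacert.pem"
printf 'keyserver ldaps://keys.example.org\nkeyserver-options ca-cert-file=%s debug=1\n' \
    "$tmp/cacert.pem" > "$tmp/good.conf"
printf '# keyserver-options ca-cert-file=/x\nkeyserver-options debug=1,no-check-cert\n' \
    > "$tmp/weak.conf"

audit_gpg_conf "$tmp/good.conf" || echo "=> good.conf needs attention"
audit_gpg_conf "$tmp/weak.conf" || echo "=> weak.conf needs attention"
```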


