dirmngr: Wrong certificate error?

Patrick Brunschwig patrick at enigmail.net
Wed Aug 3 19:53:17 CEST 2016

On 01.08.16 22:33, Daniel Kahn Gillmor wrote:
> fwiw, your gnutls-cli invocation's output looks like:
>> Error setting the x509 trust file
>> Resolving 'keys.mailvelope.com:443'...
>> Connecting to ''...
>> - Certificate type: X.509
> but "gnutls-cli keys.mailvelope.com" works for me, so i suspect you have
> something misconfigured with your gnutls installation.  i see the start
> of the output as:
>> Processed 151 CA certificate(s).
>> Resolving 'keys.mailvelope.com'...
>> Connecting to ''...
>> - Certificate type: X.509
> maybe you need to look at the system-level trust store on your gnutls
> installation?

Well yes, on Mac OS X, the system-level trust store of my self-compiled
gnutls installation is empty. It's not surprising that gnutls can't read
the root certificates from Apple's Keychain.

I exported Apple's root certificates into my gnutls root store, and it
works now correctly.


More information about the Gnupg-devel mailing list