how to authenticate an ldaps keyserver lookup
'David Shaw'
dshaw at jabberwocky.com
Thu Jun 15 14:03:23 CEST 2006
On Thu, Jun 15, 2006 at 07:14:57AM +0200, Ralf Hauser wrote:
> David,
>
> Thanks - your hint on v1.4.3 solved the bind problem.
>
> > Furthermore, when trying to do that with apache's ldap server, it did
> > not like the SSL it got from my gpg
> > (http://issues.apache.org/jira/browse/DIR-185).
> >
> > Try adding "keyserver-options debug=1" and running it again to get
> > some idea what GPG is seeing.
>
> Since I didn't find a 1.4.3 version for Linux or windows with TLS support enabled, I am doing my other experiments with cygwin 1.4.2 version (without the bind).
>
> The "unknown_ca" error (reported in the above issue tracker 185) I saw on the server (directory.apache.org) side apparently was issued by the gpg client.
>
> For other ldapclients such as EQ or command-line ldapsearch, we solved that by creating a ~/.ldaprc file and either adding the server key with
> TLS_CACERT /path/to/cacert.pem

keyserver-options ca-cert-file=/path/to/cacert.pem

> or reducing the protection by adding
> TLS_REQCERT never

keyserver-options no-check-cert

Again, though, these are 1.4.3 features. They won't work on your
1.4.2.

David
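
An added example, not part of the original thread and not GnuPG code: a small check that reads a gpg.conf and an ~/.ldaprc and reports the settings named above that turn server-certificate validation off. The function names, the sample host and the file contents are constructed for illustration, and treating a later keyserver-options entry as overriding an earlier one is an assumption.

```python
# Constructed sample configs (not from the thread); host and paths are placeholders.
WEAK_GPG_CONF = """keyserver ldaps://keys.example.org
keyserver-options debug=1 ca-cert-file=/path/to/cacert.pem
keyserver-options no-check-cert
"""
WEAK_LDAPRC = """# constructed ~/.ldaprc
TLS_CACERT /path/to/cacert.pem
TLS_REQCERT never
"""

def directives(text):
    """Yield (keyword, argument) for each non-comment line holding both."""
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            yield parts[0], parts[1].strip()

def gpg_cert_state(gpg_conf):
    """Apply keyserver-options in file order; return (check_cert, ca_cert_file)."""
    check_cert, ca_file = True, None  # GnuPG manual: check-cert defaults to on
    for key, arg in directives(gpg_conf):
        if key != "keyserver-options":
            continue
        for opt in arg.replace(",", " ").split():
            if opt == "no-check-cert":
                check_cert = False
            elif opt == "check-cert":
                check_cert = True
            elif opt.startswith("ca-cert-file="):
                ca_file = opt.split("=", 1)[1]
    return check_cert, ca_file

def ldaprc_reqcert(ldaprc):
    """Return the last TLS_REQCERT level in an ldaprc text, lower-cased, or None."""
    level = None
    for key, arg in directives(ldaprc):
        if key.upper() == "TLS_REQCERT":
            level = arg.lower()
    return level

def findings(gpg_conf, ldaprc):
    """List the settings that switch server-certificate validation off."""
    out = []
    if not gpg_cert_state(gpg_conf)[0]:
        out.append("gpg.conf: keyserver-options no-check-cert")
    level = ldaprc_reqcert(ldaprc)
    if level in ("never", "allow"):
        out.append("ldaprc: TLS_REQCERT " + level)
    return out
```

Both sample files trip the check; a gpg.conf that keeps only the ca-cert-file line and an ldaprc that keeps only TLS_CACERT produce no findings.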