X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding
	:in-reply-to; q=dns; s=default; b=tiKCTdAkSVjR5QYnJL2vZYaMAeFQsG
	EP2iAiGGeYEVVw1tgKajZ2KGpFWgH1FeaCvb/mQhckkTCQ0o3/BjOJplf7ypRFec
	am9o1XlIAl6YCWUc2KAX7sFfPb4jWz9ZlvK0CibAxWQ8tnculJBj0t0PNEVLAVSS
	XhW2ucHfsSTnk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding
	:in-reply-to; s=default; bh=gpTpPzHzDuF/w0zK4tVUp6N2RaM=; b=Ik3x
	lP1JhCutlaEi2Gj3nwcII7xkYfEDwrKIe+XpTYHo29JUX5oItzTbobeMt4CIvG+4
	nuTxFTvth6UhDTEZuVMlHMcfZMx9KnwVLgnT2czMXyfOln9v6trcE6Xgz68tgrHP
	gU8tdiyZCrci8UWAx64GZ9vC4AkX/6HM5ZhKUa0=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=H*UA:en-US, H*u:en-US, H*u:5.1, UD:mit.edu
X-HELO: blaine.gmane.org
To: cygwin AT cygwin DOT com
From: =?UTF-8?Q?Ren=c3=a9_Berber?= <rene DOT berber AT gmail DOT com>
Subject: Re: gpg ca-cert-file=[which file???]
Date: Sat, 15 Jul 2017 20:24:11 -0500
Lines: 26
Message-ID: <okef84$e7f$1@blaine.gmane.org>
References: <CAD8GWsvT9rgHz+vcdBmX-opfckZS8g06_Px57JCNG_xCT_ku6A AT mail DOT gmail DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081209 Lightning/0.9 Thunderbird/2.0.0.19 Mnenhy/0.7.6.0
In-Reply-To: <CAD8GWsvT9rgHz+vcdBmX-opfckZS8g06_Px57JCNG_xCT_ku6A@mail.gmail.com>
X-IsSubscribed: yes

On 7/15/2017 1:40 PM, Lee wrote:

[snip]
> in my ~/.gnupg/gpg.conf so I can do auto-key-retrieve securely ... or
> at least over an encrypted channel.  But what file should I be using
> as the ca-cert file?

You should be using the "system" files.

On Cygwin that means installing the ca-certificates package (currently
version 2.14-1).  They are installed in a location where the SSL package
expects them, you don't have to go look for them, and shouldn't need to
specify its location (a directory) on your gpg.conf

[snip]
> $ grep "^keyserver" ~/.gnupg/gpg.conf
> keyserver hkps://pgp.mit.edu/
> keyserver-options check-cert=on
> keyserver-options ca-cert-file=/etc/pki/tls/cert.pem

Wrong cert actually, I don't know why you say it worked.

The cert that should have matched is the one used by the key server, not
by you.
-- 
R. Berber


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple