author | Werner Koch <wk@gnupg.org> | 2017-02-21 13:57:24 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2017-02-21 13:57:24 +0100 |
commit | d1625a9a82b1e5d96bbbf2132c49c53108565ae1 (patch) | |
tree | 91ae85fb1eeda69b2e2b7b8ccde66529e7259c44 /dirmngr/certcache.c | |
parent | dirmngr: Load "sks-keyservers.netCA.pem" into the cache. (diff) | |
dirmngr: Load --hkp-cacert values into the certificate cache.
* dirmngr/dirmngr.c (hkp_cacert_filenames): New var.
(parse_rereadable_options): Store filenames from --hkp-cacert in the
new var.
(main, dirmngr_sighup_action): Pass that var to cert_cache_init.
* dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load
those certs.
(load_certs_from_file): Use autodetect so that PEM and DER encodings
are possible.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'dirmngr/certcache.c')
-rw-r--r-- | dirmngr/certcache.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 61be57efd..47eea25cc 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -471,7 +471,8 @@ load_certs_from_file (const char *fname, unsigned int trustclasses,
 }
 err = gnupg_ksba_create_reader (&ioctx,
- (GNUPG_KSBA_IO_PEM | GNUPG_KSBA_IO_MULTIPEM),
+ (GNUPG_KSBA_IO_AUTODETECT
+ | GNUPG_KSBA_IO_MULTIPEM),
 fp, &reader);
 if (err)
 {
@@ -686,9 +687,10 @@ load_certs_from_system (void)
 /* Initialize the certificate cache if not yet done. */
 void
-cert_cache_init (void)
+cert_cache_init (strlist_t hkp_cacerts)
 {
 char *fname;
+ strlist_t sl;
 if (initialization_done)
 return;
@@ -707,6 +709,10 @@ cert_cache_init (void)
 load_certs_from_dir (fname, 0);
 xfree (fname);
+ for (sl = hkp_cacerts; sl; sl = sl->next)
+ load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);
+
+
 fname = make_filename_try (gnupg_datadir (), "sks-keyservers.netCA.pem", NULL);
 if (fname) |
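Review bot: The switch to `GNUPG_KSBA_IO_AUTODETECT` in the first hunk changes load_certs_from_file for every caller, not only for the --hkp-cacert files named in the commit message, so any other trust-anchor file read through this helper is now also accepted in a non-PEM encoding. That is probably intended, but the widened input format should be stated at the call, for example `/* Autodetect the encoding so that PEM and DER files both work; MULTIPEM keeps bundles of several PEM certificates readable. */`. The function's header comment lies outside this hunk and should be checked for a leftover PEM-only statement.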
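Review bot: The comment above cert_cache_init in the second hunk still reads only "Initialize the certificate cache if not yet done." and does not describe the new `hkp_cacerts` argument. Because of the `if (initialization_done) return;` guard, a list that differs from the one passed on the first call is ignored unless the cache was reset beforehand; the commit message says dirmngr_sighup_action passes the list, but whether it resets the cache first is not visible here. I would extend the comment to `/* Initialize the certificate cache if not yet done. HKP_CACERTS is a list of file names whose certificates are loaded with CERTTRUST_CLASS_HKP; it is ignored if the cache is already initialized. */`. The function body continues outside this hunk.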
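Review bot: The result of `load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);` is discarded in the new loop of the third hunk, so a --hkp-cacert file that is missing or cannot be parsed leaves the cache without that trust anchor and cert_cache_init never notices. The outcome is fail-closed (later HKP certificate validation would presumably reject the server), but the cause is hard to diagnose. Unless the helper already logs the file name itself (its return type and third parameter are not visible in this diff), add a comment such as `/* Errors are reported by load_certs_from_file; a failed file just leaves its CA untrusted. */` or check the return value and log `sl->d`. The two consecutive blank lines added after the loop could also be reduced to one. The body of cert_cache_init starts and ends outside this hunk.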