dirmngr: Do tilde expansion for --hkp-cacert.

* dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
check for cert file existance in option --hkp-cacert.
--

GnuPG-bug-id: 2120
Signed-off-by: Werner Koch <wk@gnupg.org>

dirmngr/dirmngr.c

@@ -580,7 +580,20 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oMaxReplies: opt.max_replies = pargs->r.ret_int; break;
 
     case oHkpCaCert:
-      http_register_tls_ca (pargs->r.ret_str);
+      {
+        char *tmpname;
+
+        /* Do tilde expansion and print a warning if the file can't be
+           accessed.  */
+        tmpname = make_absfilename_try (pargs->r.ret_str, NULL);
+        if (!tmpname || access (tmpname, F_OK))
+          log_info (_("can't access '%s': %s\n"),
+                    tmpname? tmpname : pargs->r.ret_str,
+                    gpg_strerror (gpg_error_from_syserror()));
+        else
+          http_register_tls_ca (tmpname);
+        xfree (tmpname);
+      }
       break;
 
     case oIgnoreCertExtension:

doc/dirmngr.texi

@@ -433,7 +433,7 @@ Use the root certificates in @var{file} for verification of the TLS
 certificates used with @code{hkps} (keyserver access over TLS).  If
 the file is in PEM format a suffix of @code{.pem} is expected for
 @var{file}.  This option may be given multiple times to add more
-root certificates.
+root certificates.  Tilde expansion is supported.
 
 @end table
 

g10/dirmngr-conf.skel

@@ -56,6 +56,6 @@ keyserver hkp://keys.gnupg.net
 # used for the connection.  Enter the full name of a file with the
 # root certificates here.  If that file is in PEM format a ".pem"
 # suffix is expected.  This option may be given multiple times to add
-# more root certificates.
+# more root certificates.  Tilde expansion is supported.
 
 #hkp-cacert /path/to/CA/sks-keyservers.netCA.pem