From 9db6547a00cded92c00c8f8382b1b605be1027d2 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 6 Oct 2015 13:10:26 +0200
Subject: [PATCH] dirmngr: Do tilde expansion for --hkp-cacert.
* dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and check for cert file existance in option --hkp-cacert.
--
GnuPG-bug-id: 2120
Signed-off-by: Werner Koch
---
 dirmngr/dirmngr.c | 15 ++++++++++++++-
 doc/dirmngr.texi | 2 +-
 g10/dirmngr-conf.skel | 2 +-
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 847a65d51..a32040e7b 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -580,7 +580,20 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 case oMaxReplies: opt.max_replies = pargs->r.ret_int; break;
 case oHkpCaCert:
- http_register_tls_ca (pargs->r.ret_str);
+ {
+ char *tmpname;
+
+ /* Do tilde expansion and print a warning if the file can't be
+ accessed. */
+ tmpname = make_absfilename_try (pargs->r.ret_str, NULL);
+ if (!tmpname || access (tmpname, F_OK))
+ log_info (_("can't access '%s': %s\n"),
+ tmpname? tmpname : pargs->r.ret_str,
+ gpg_strerror (gpg_error_from_syserror()));
+ else
+ http_register_tls_ca (tmpname);
+ xfree (tmpname);
+ }
 break;
 case oIgnoreCertExtension:
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index a5bcc73d9..18e818975 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -433,7 +433,7 @@ Use the root certificates in @var{file} for verification of the TLS certificates used with @code{hkps} (keyserver access over TLS). If the file is in PEM format a suffix of @code{.pem} is expected for @var{file}. This option may be given multiple times to add more
-root certificates.
+root certificates. Tilde expansion is supported.
 @end table
diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel
index 0888fb7f4..88578439e 100644
--- a/g10/dirmngr-conf.skel
+++ b/g10/dirmngr-conf.skel
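Review bot: In the new `oHkpCaCert` case of dirmngr/dirmngr.c, `access (tmpname, F_OK)` only tests that the path exists, so a CA file that is present but unreadable passes the check and is still handed to `http_register_tls_ca`; the problem would then surface only when the file is actually loaded for an hkps connection. Testing readability fits the "can't access" message better: `if (!tmpname || access (tmpname, R_OK))`. A failed check is reported only through `log_info` and the option is then skipped, so it is worth confirming outside this hunk that hkps verification fails closed when the configured root is missing rather than proceeding with a different trust set. The `xfree (tmpname)` right after registration presumes `http_register_tls_ca` keeps its own copy of the name; that function is not visible here. The body of `parse_rereadable_options` starts and ends outside the hunk.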
@@ -56,6 +56,6 @@ keyserver hkp://keys.gnupg.net
 # used for the connection. Enter the full name of a file with the
 # root certificates here. If that file is in PEM format a ".pem"
 # suffix is expected. This option may be given multiple times to add
-# more root certificates.
+# more root certificates. Tilde expansion is supported.
 #hkp-cacert /path/to/CA/sks-keyservers.netCA.pem