From 24da4d0207c8d3c7586871dac3eea9d2a0b864c3 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Mar 2010 03:06:32 -0400
Subject: [PATCH] enable use of hkps (closes: MS #1749)

---
 man/man8/monkeysphere-authentication.8 | 5 +++++
 src/share/ma/setup                     | 1 +
 2 files changed, 6 insertions(+)

diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 8732157..ea9debd 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -177,6 +177,11 @@ false may expose users to abuse by other users on the system. (true)
 /etc/monkeysphere/monkeysphere\-authentication.conf
 System monkeysphere-authentication config file.
 .TP
+/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt
+If monkeysphere-authentication is configured to query an hkps
+keyserver, it will use X.509 Certificate Authority certificates in
+this file to validate any X.509 certificates used by the keyserver.
+.TP
 /var/lib/monkeysphere/authorized_keys/USER
 Monkeysphere-generated user authorized_keys files.
 .TP
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 6c75fef..f965487 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -43,6 +43,7 @@ EOF
 # Edits will be overwritten.
 no-greeting
 list-options show-uid-validity
+keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt
 EOF
 
     # make sure the monkeysphere user owns everything in the sphere
-- 
2.25.1