Diffstat (limited to 'src/share')
-rw-r--r-- | src/share/ma/setup | 10 | ||||
-rw-r--r-- | src/share/mh/publish_key | 9 |
2 files changed, 17 insertions, 2 deletions
diff --git a/src/share/ma/setup b/src/share/ma/setup
index f965487..3c82c45 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -36,6 +36,14 @@ setup() {
 no-greeting
 EOF
 
+ KEYSERVER_OPTIONS=""
+ for anchorfile in "${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
+ if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then
+ KEYSERVER_OPTIONS="keyserver-options ca-cert-file=$anchorfile"
+ log debug "using $anchorfile for keyserver X.509 anchor"
+ fi
+ done
+
 log debug "writing sphere gpg.conf..."
 cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF
 # Monkeysphere trust sphere GnuPG configuration
@@ -43,7 +51,7 @@ EOF
 # Edits will be overwritten.
 no-greeting
 list-options show-uid-validity
-keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt
+${KEYSERVER_OPTIONS}
 EOF
 
 # make sure the monkeysphere user owns everything in the sphere
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index f1c1723..72d2693 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -40,9 +40,16 @@ trap "rm -rf $GNUPGHOME" EXIT
 su_monkeysphere_user \
 "gpg --quiet --import" <"$HOST_KEY_FILE"
 
+KEYSERVER_OPTIONS=""
+for anchorfile in "${SYSCONFIGDIR}/monkeysphere-host-x509-anchors.crt" "${SYSCONFIGDIR}/monkeysphere-x509-anchors.crt"; do
+ if [ -z "$KEYSERVER_OPTIONS" ] && [ -r "$anchorfile" ] ; then
+ KEYSERVER_OPTIONS="--keyserver-options 'ca-cert-file=$anchorfile'"
+ fi
+done
+
 # publish key
 su_monkeysphere_user \
- "gpg --keyserver $KEYSERVER --send-keys '0x${keyID}!'"
+ "gpg --keyserver $KEYSERVER $KEYSERVER_OPTIONS --send-keys '0x${keyID}!'"
 
 # remove the tmp file
 trap - EXIT |
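Review bot: When neither anchor file is readable, the loop in `setup()` leaves `KEYSERVER_OPTIONS` empty and the second hunk writes a blank line into the sphere `gpg.conf` where the `ca-cert-file` option used to be, with nothing logged. An operator then cannot tell from the output that keyserver connections are no longer pinned to a Monkeysphere trust anchor; adding `[ -n "$KEYSERVER_OPTIONS" ] || log info "no readable X.509 anchor file found; keyserver ca-cert-file not set"` after `done` would make the fallback visible. The path is also written unquoted after `ca-cert-file=`, so a `SYSCONFIGDIR` containing whitespace would presumably be split by gpg's option parser. `KEYSERVER_OPTIONS` and `anchorfile` are assigned inside `setup()` without `local` and leak into the caller's scope; the function body starts and ends outside the hunk, so existing declarations may not be visible here.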
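Review bot: The `[ -r "$anchorfile" ]` test in `publish_key` runs in the calling shell, but gpg is started through `su_monkeysphere_user`, so an anchor file that the caller can read and the monkeysphere user cannot is still selected, and gpg is then given a `ca-cert-file` it cannot open. Checking readability as the consuming user, for example `su_monkeysphere_user "[ -r '$anchorfile' ]"`, keeps the test and the use consistent; the loop in `src/share/ma/setup` has the same mismatch if the sphere's gpg also runs as that user. The option is built as a string with embedded single quotes and spliced into the command string next to the unquoted `$KEYSERVER`, so it relies on the wrapper re-parsing the string in a second shell, and a path containing `'` would break the quoting. Unlike the `setup` hunk, this one logs nothing in either case; a `log debug` line naming the chosen anchor, plus a message when none is found, would help when diagnosing a failed `--send-keys`.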