When using release 2.2.7, I have found that if a certificate exists in the system certificates configuration under Windows, dirmngr ignores the same certificate if it is present in trusted-certificates folder. The impact of this is when using fetch-crl of dirmngr, if the chain being imported requires a trust relationship between the certificates, it does not created this trust and is unable to import the full crl chain i.e. the trust that should be created from using the trusted-certificates folder is not set.
I notice there is a parameter in the code for --systrust however, this does not seem to be exposed for dirmngr to control it. From the code, this appears to support a mask which controls the trust relationship of system certificates, trusted-certificates and how the CRL processing handles these.
How can I access this parameter on windows?
Is there an exposed parameter on windows that allows me to say trust all read in certificates so that I can work around this issue?