dirmngr: Only use SKS pool CA for SKS pool

* dirmngr/http.c (http_session_new): when checking whether the keyserver is the HKPS pool, check specifically against the pool name, as ./configure might have been used to select a different default keyserver. It makes no sense to apply Kristian's certificate authority to anything other than the literal host hkps.pool.sks-keyservers.net. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Name dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
author: Daniel Kahn Gillmor <[email protected]> 2019-06-30 15:54:35 +0000
committer: Daniel Kahn Gillmor <[email protected]> 2019-07-20 18:16:20 +0000
commit: 263a07f04d138d9c1398568642f3a8e9e3d8fea0 (patch)
tree: ff1dda6ab5d215cb87c93e4e83a6adff4b0eab51
parent: gpg: accept subkeys with a good revocation but no self-sig during import (diff)
download: gnupg-263a07f04d138d9c1398568642f3a8e9e3d8fea0.tar.gz
gnupg-263a07f04d138d9c1398568642f3a8e9e3d8fea0.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/dirmngr/http.c b/dirmngr/http.c
index d2456c6dc..2643a2b56 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
 
     is_hkps_pool = (intended_hostname
                     && !ascii_strcasecmp (intended_hostname,
-                                          get_default_keyserver (1)));
+                                          "hkps.pool.sks-keyservers.net"));
 
     /* If the user has not specified a CA list, and they are looking
      * for the hkps pool from sks-keyservers.net, then default to
author	Daniel Kahn Gillmor <[email protected]>	2019-06-30 15:54:35 +0000
committer	Daniel Kahn Gillmor <[email protected]>	2019-07-20 18:16:20 +0000
commit	263a07f04d138d9c1398568642f3a8e9e3d8fea0 (patch)
tree	ff1dda6ab5d215cb87c93e4e83a6adff4b0eab51
parent	gpg: accept subkeys with a good revocation but no self-sig during import (diff)
download	gnupg-263a07f04d138d9c1398568642f3a8e9e3d8fea0.tar.gz gnupg-263a07f04d138d9c1398568642f3a8e9e3d8fea0.zip