3 files changed, 23 insertions, 5 deletions

diff --git a/NEWS b/NEWS
index 32c9d64d0..839e3dbee 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,9 @@ Noteworthy changes in version 2.2.42 (unreleased)
 
   * dirmngr: Backport of the AD_QUERY command.  [rG2a3bad5985]
 
+  * dirmngr: Support config value "none" to disable the default
+    keyserver.  [T6708]
+
   * wkd: Use export-clean for gpg-wks-client's --mirror and --create
     commands.  [rG505e770b4c]
 
diff --git a/dirmngr/server.c b/dirmngr/server.c
index a8642bd23..e7c123b0f 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2179,6 +2179,7 @@ ensure_keyserver (ctrl_t ctrl)
   uri_item_t plain_items = NULL;
   uri_item_t ui;
   strlist_t sl;
+  int none_seen = 1;
 
   if (ctrl->server_local->keyservers)
     return 0; /* Already set for this session.  */
@@ -2191,6 +2192,11 @@ ensure_keyserver (ctrl_t ctrl)
 
   for (sl = opt.keyserver; sl; sl = sl->next)
     {
+      if (!strcmp (sl->d, "none"))
+        {
+          none_seen = 1;
+          continue;
+        }
       err = make_keyserver_item (sl->d, &item);
       if (err)
         goto leave;
@@ -2206,6 +2212,12 @@ ensure_keyserver (ctrl_t ctrl)
         }
     }
 
+  if (none_seen && !plain_items && !onion_items)
+    {
+      err = gpg_error (GPG_ERR_NO_KEYSERVER);
+      goto leave;
+    }
+
   /* Decide which to use.  Note that the session has no keyservers
      yet set. */
   if (onion_items && !onion_items->next && plain_items && !plain_items->next)
@@ -2276,8 +2288,7 @@ cmd_keyserver (assuan_context_t ctx, char *line)
   gpg_error_t err = 0;
   int clear_flag, add_flag, help_flag, host_flag, resolve_flag;
   int dead_flag, alive_flag;
-  uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it
-                             is always initialized.  */
+  uri_item_t item = NULL;
 
   clear_flag = has_option (line, "--clear");
   help_flag = has_option (line, "--help");
@@ -2343,13 +2354,16 @@ cmd_keyserver (assuan_context_t ctx, char *line)
 
   if (add_flag)
     {
-      err = make_keyserver_item (line, &item);
+      if (!strcmp (line, "none") || !strcmp (line, "hkp://none"))
+        err = 0;
+      else
+        err = make_keyserver_item (line, &item);
       if (err)
         goto leave;
     }
   if (clear_flag)
     release_ctrl_keyservers (ctrl);
-  if (add_flag)
+  if (add_flag && item)
     {
       item->next = ctrl->server_local->keyservers;
       ctrl->server_local->keyservers = item;
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 7ff296ded..7cb670689 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -338,7 +338,8 @@ whether Tor is locally running or not.  The check for a running Tor is
 done for each new connection.
 
 If no keyserver is explicitly configured, dirmngr will use the
-built-in default of @code{https://keyserver.ubuntu.com}.
+built-in default of @code{https://keyserver.ubuntu.com}.  To avoid the
+use of a default keyserver the value @code{none} can be used.
 
 Windows users with a keyserver running on their Active Directory
 may use the short form @code{ldap:///} for @var{name} to access this directory.