From afb8696126ff0babaab23e884ff5da008281e3b7 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 19 Oct 2015 23:48:30 -0400 Subject: dirmngr: Use sks-keyservers CA by default for the hkps pool. * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem. * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert. * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new. -- Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor. Co-authored-by: wk@gnupg.org Signed-off-by: Werner Koch --- dirmngr/ks-engine-http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'dirmngr/ks-engine-http.c') diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index ae128ee12..c51c0ce9d 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -65,7 +65,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) estream_t fp = NULL; char *request_buffer = NULL; - err = http_session_new (&session, NULL); + err = http_session_new (&session, NULL, NULL); if (err) goto leave; http_session_set_log_cb (session, cert_log_cb); -- cgit v1.2.3