From c3aeda82b8d00b87a5af72b4075c487c10dfdf6b Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 27 Apr 2016 08:18:37 +0200
Subject: dirmngr: Use system provided root CAs with KS_FETCH.

* dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/ks-engine-http.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'dirmngr/ks-engine-http.c')

diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index b996c2573..00d0c4b80 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -73,7 +73,9 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
   estream_t fp = NULL;
   char *request_buffer = NULL;
 
-  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
+  /* Note that we only use the system provided certificates with the
+   * fetch command.  */
+  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS);
   if (err)
     goto leave;
   http_session_set_log_cb (session, cert_log_cb);
-- 
cgit v1.2.3