From afb8696126ff0babaab23e884ff5da008281e3b7 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 19 Oct 2015 23:48:30 -0400
Subject: dirmngr: Use sks-keyservers CA by default for the hkps pool.

* dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
* dirmngr/http.c (http_session_new): Add optional arg
intended_hostname and set a default cert.
* dirmngr/ks-engine-hkp.c (send_request): Pass httphost to
http_session_new.
--

Ship the certificate for the sks-keyservers hkps pool.  If the user
has specified that they want to use
hkps://hkps.pool.sks-keyservers.net, and they have not specified any
hkp-cacert explicitly, then initialize the trust path with this
specific trust anchor.

Co-authored-by: wk@gnupg.org
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/t-http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'dirmngr/t-http.c')

diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index 63662a286..9d5ea5fd2 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@@ -262,7 +262,7 @@ main (int argc, char **argv)
   http_register_tls_callback (verify_callback);
   http_register_tls_ca (cafile);
 
-  err = http_session_new (&session, NULL);
+  err = http_session_new (&session, NULL, NULL);
   if (err)
     log_error ("http_session_new failed: %s\n", gpg_strerror (err));
 
-- 
cgit v1.2.3