author | Werner Koch <[email protected]> | 2016-04-27 06:18:37 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2016-04-27 06:18:37 +0000 |
commit | c3aeda82b8d00b87a5af72b4075c487c10dfdf6b (patch) | |
tree | 53e6c1d81c7ca2fab85d71bc88340bedd3cc6cd6 | |
parent | http: Allow to request system defined CAs for TLS. (diff) | |
download | gnupg-c3aeda82b8d00b87a5af72b4075c487c10dfdf6b.tar.gz gnupg-c3aeda82b8d00b87a5af72b4075c487c10dfdf6b.zip |
dirmngr: Use system provided root CAs with KS_FETCH.
* dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.
Signed-off-by: Werner Koch <[email protected]>
-rw-r--r-- | dirmngr/ks-engine-http.c | 4 | ||||
-rw-r--r-- | doc/gpg.texi | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index b996c2573..00d0c4b80 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -73,7 +73,9 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) estream_t fp = NULL; char *request_buffer = NULL; - err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF); + /* Note that we only use the system provided certificates with the + * fetch command. */ + err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS); if (err) goto leave; http_session_set_log_cb (session, cert_log_cb); diff --git a/doc/gpg.texi b/doc/gpg.texi index 781a18828..0c43c55bd 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -476,7 +476,8 @@ only LDAP supports them all. @opindex fetch-keys Retrieve keys located at the specified URIs. Note that different installations of GnuPG may support different protocols (HTTP, FTP, -LDAP, etc.) +LDAP, etc.). When using HTTPS the system provided root certificates +are used by this command. @item --update-trustdb @opindex update-trustdb |
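Review bot: the new comment above the http_session_new call in ks_http_fetch says that only the system provided certificates are used for the fetch command, but not why the default set is dropped. HTTP_FLAG_TRUST_SYS replaces HTTP_FLAG_TRUST_DEF here instead of being combined with it, so please give the reason in the comment and say in the commit message that the default CAs no longer apply to this command. Otherwise someone whose fetch URL is served under a certificate outside the system store has nothing to point them at this change.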
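Review bot: the sentence added to the fetch-keys entry in doc/gpg.texi leaves out the "only" that the code comment in ks_http_fetch uses, so a reader can take it to mean the system root certificates are used in addition to any others. Suggest "When using HTTPS, only the system provided root certificates are used by this command.", which also adds the missing comma after "HTTPS".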