diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2019-06-30 15:54:35 +0000 |
|---|---|---|
| committer | Daniel Kahn Gillmor <[email protected]> | 2019-06-30 16:10:43 +0000 |
| commit | 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 (patch) | |
| tree | 9cbe780d9af07b0280c024f3fd79bc38746ccd36 | |
| parent | spelling: Fix "synchronize" (diff) | |
| download | gnupg-dkg-fix-T4593.tar.gz gnupg-dkg-fix-T4593.zip | |
dirmngr: Only use SKS pool CA for SKS pooldkg-fix-T4593
* dirmngr/http.c (http_session_new): when checking whether the
keyserver is the HKPS pool, check specifically against the pool name,
as ./configure might have been used to select a different default
keyserver. It makes no sense to apply Kristian's certificate
authority to anything other than the literal host
hkps.pool.sks-keyservers.net.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
GnuPG-Bug-Id: 4593
| -rw-r--r-- | dirmngr/http.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/dirmngr/http.c b/dirmngr/http.c index 384f2569d..8e5d53939 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session, is_hkps_pool = (intended_hostname && !ascii_strcasecmp (intended_hostname, - get_default_keyserver (1))); + "hkps.pool.sks-keyservers.net")); /* If the user has not specified a CA list, and they are looking * for the hkps pool from sks-keyservers.net, then default to |