authorWerner Koch <[email protected]>2017-09-18 20:49:05 +0000
committerWerner Koch <[email protected]>2017-09-18 20:49:05 +0000
commitdf692a6167be5486f9a29da003a00292fd895176 (patch)
tree10d83f1fa7a1b46b59e9301c22ddc11a7b2b9cdc /dirmngr/http-ntbtls.c
parentpo: Minor Grammar update of the Greek translation (diff)
dirmngr: Use system certs if --hkp-cacert is not used.
* dirmngr/certcache.c (any_cert_of_class): New var. (put_cert): Set it. (cert_cache_deinit): Clear it. (cert_cache_any_in_class): New func. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to override empty list of HKP certs. -- This patch carries the changes for GNUTLS from commit 7c1613d41566f7d8db116790087de323621205fe over to NTBTLS. NTBTLS works quite different and thus we need to do it this way. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'dirmngr/http-ntbtls.c')
-rw-r--r--dirmngr/http-ntbtls.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c
index 250db556c..ea66a4d73 100644
--- a/dirmngr/http-ntbtls.c
+++ b/dirmngr/http-ntbtls.c
@@ -91,6 +91,12 @@ gnupg_http_tls_verify_cb (void *opaque,
validate_flags |= VALIDATE_FLAG_TRUST_HKP;
if ((http_flags & HTTP_FLAG_TRUST_SYS))
validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
+
+ /* If HKP trust is requested and there are no HKP certificates
+ * configured, also try thye standard system certificates. */
+ if ((validate_flags & VALIDATE_FLAG_TRUST_HKP)
+ && !cert_cache_any_in_class (CERTTRUST_CLASS_HKP))
+ validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
}
if ((http_flags & HTTP_FLAG_NO_CRL))
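Review bot: The added `if` keys on `cert_cache_any_in_class (CERTTRUST_CLASS_HKP)` returning false rather than on whether `--hkp-cacert` was given, so it may also fire when a configured HKP certificate failed to load into the cache (certcache.c is not shown here, so this needs confirming). In that case a setup meant to restrict trust to its own HKP CA would quietly accept any chain rooted in the system store. Consider limiting the fallback to the case where the option is unset, or at least logging when it is taken, and say so in the comment, e.g. `/* Fallback applies whenever no HKP certificate is loaded; this widens trust to the system store. */`. The existing comment also has a typo, `thye` for `the`. gnupg_http_tls_verify_cb starts and ends outside this hunk.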