dirmngr: Use system provided root CAs with KS_FETCH.

* dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS. Signed-off-by: Werner Koch <[email protected]>
author: Werner Koch <[email protected]> 2016-04-27 06:18:37 +0000
committer: Werner Koch <[email protected]> 2016-04-27 06:18:37 +0000
commit: c3aeda82b8d00b87a5af72b4075c487c10dfdf6b (patch)
tree: 53e6c1d81c7ca2fab85d71bc88340bedd3cc6cd6 /dirmngr/ks-engine-http.c
parent: http: Allow to request system defined CAs for TLS. (diff)
download: gnupg-c3aeda82b8d00b87a5af72b4075c487c10dfdf6b.tar.gz
gnupg-c3aeda82b8d00b87a5af72b4075c487c10dfdf6b.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index b996c2573..00d0c4b80 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -73,7 +73,9 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
   estream_t fp = NULL;
   char *request_buffer = NULL;
 
-  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
+  /* Note that we only use the system provided certificates with the
+   * fetch command.  */
+  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS);
   if (err)
     goto leave;
   http_session_set_log_cb (session, cert_log_cb);
author	Werner Koch <[email protected]>	2016-04-27 06:18:37 +0000
committer	Werner Koch <[email protected]>	2016-04-27 06:18:37 +0000
commit	c3aeda82b8d00b87a5af72b4075c487c10dfdf6b (patch)
tree	53e6c1d81c7ca2fab85d71bc88340bedd3cc6cd6 /dirmngr/ks-engine-http.c
parent	http: Allow to request system defined CAs for TLS. (diff)
download	gnupg-c3aeda82b8d00b87a5af72b4075c487c10dfdf6b.tar.gz gnupg-c3aeda82b8d00b87a5af72b4075c487c10dfdf6b.zip