diff options
| -rw-r--r-- | dirmngr/ks-engine-http.c | 4 | ||||
| -rw-r--r-- | doc/gpg.texi | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index b996c2573..00d0c4b80 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -73,7 +73,9 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) estream_t fp = NULL; char *request_buffer = NULL; - err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF); + /* Note that we only use the system provided certificates with the + * fetch command. */ + err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS); if (err) goto leave; http_session_set_log_cb (session, cert_log_cb); diff --git a/doc/gpg.texi b/doc/gpg.texi index 781a18828..0c43c55bd 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -476,7 +476,8 @@ only LDAP supports them all. @opindex fetch-keys Retrieve keys located at the specified URIs. Note that different installations of GnuPG may support different protocols (HTTP, FTP, -LDAP, etc.) +LDAP, etc.). When using HTTPS the system provided root certificates +are used by this command. @item --update-trustdb @opindex update-trustdb |