1 files changed, 10 insertions, 8 deletions

diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c
index ae5cf5519..2191acb60 100644
--- a/dirmngr/http-ntbtls.c
+++ b/dirmngr/http-ntbtls.c
@@ -47,7 +47,7 @@ gnupg_http_tls_verify_cb (void *opaque,
   ksba_cert_t cert;
   ksba_cert_t hostcert = NULL;
   unsigned int validate_flags;
-  const char *hostname;
+  /* const char *hostname; */
 
   (void)http;
   (void)session;
@@ -81,14 +81,16 @@ gnupg_http_tls_verify_cb (void *opaque,
    * certificate.  Note that this differes from the GnuTLS
    * implementation which uses this special certificate only if no
    * other certificates are configured. */
-  hostname = ntbtls_get_hostname (tls);
-  if (hostname
-      && !ascii_strcasecmp (hostname, get_default_keyserver (1)))
-    {
-      validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL;
-    }
-  else /* Use the certificates as requested from the HTTP module.  */
+  /* Disabled for 2.3.2 to due problems with the standard hkps pool.  */
+  /* hostname = ntbtls_get_hostname (tls); */
+  /* if (hostname */
+  /*     && !ascii_strcasecmp (hostname, get_default_keyserver (1))) */
+  /*   { */
+  /*     validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL; */
+  /*   } */
+  /* else */
     {
+      /* Use the certificates as requested from the HTTP module.  */
       if ((http_flags & HTTP_FLAG_TRUST_CFG))
         validate_flags |= VALIDATE_FLAG_TRUST_CONFIG;
       if ((http_flags & HTTP_FLAG_TRUST_DEF))