You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.3 KiB
34 lines
1.3 KiB
From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
Date: Sun, 30 Jun 2019 11:54:35 -0400
|
|
Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool
|
|
|
|
* dirmngr/http.c (http_session_new): when checking whether the
|
|
keyserver is the HKPS pool, check specifically against the pool name,
|
|
as ./configure might have been used to select a different default
|
|
keyserver. It makes no sense to apply Kristian's certificate
|
|
authority to anything other than the literal host
|
|
hkps.pool.sks-keyservers.net.
|
|
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
GnuPG-Bug-Id: 4593
|
|
---
|
|
dirmngr/http.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/dirmngr/http.c b/dirmngr/http.c
|
|
index 384f2569d..8e5d53939 100644
|
|
--- a/dirmngr/http.c
|
|
+++ b/dirmngr/http.c
|
|
@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
|
|
|
|
is_hkps_pool = (intended_hostname
|
|
&& !ascii_strcasecmp (intended_hostname,
|
|
- get_default_keyserver (1)));
|
|
+ "hkps.pool.sks-keyservers.net"));
|
|
|
|
/* If the user has not specified a CA list, and they are looking
|
|
* for the hkps pool from sks-keyservers.net, then default to
|
|
--
|
|
2.22.0
|
|
|
|
|