From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 30 Jun 2019 11:54:35 -0400 Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool * dirmngr/http.c (http_session_new): when checking whether the keyserver is the HKPS pool, check specifically against the pool name, as ./configure might have been used to select a different default keyserver. It makes no sense to apply Kristian's certificate authority to anything other than the literal host hkps.pool.sks-keyservers.net. Signed-off-by: Daniel Kahn Gillmor GnuPG-Bug-Id: 4593 --- dirmngr/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dirmngr/http.c b/dirmngr/http.c index 384f2569d..8e5d53939 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session, is_hkps_pool = (intended_hostname && !ascii_strcasecmp (intended_hostname, - get_default_keyserver (1))); + "hkps.pool.sks-keyservers.net")); /* If the user has not specified a CA list, and they are looking * for the hkps pool from sks-keyservers.net, then default to