1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

dirmngr: Only use SKS pool CA for SKS pool

* dirmngr/http.c (http_session_new): when checking whether the
keyserver is the HKPS pool, check specifically against the pool name,
as ./configure might have been used to select a different default
keyserver.  It makes no sense to apply Kristian's certificate
authority to anything other than the literal host
hkps.pool.sks-keyservers.net.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-Bug-Id: 4593
This commit is contained in:
Daniel Kahn Gillmor 2019-06-30 11:54:35 -04:00
parent 520f5d70e4
commit 1c9cc97e9d

View File

@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
is_hkps_pool = (intended_hostname
&& !ascii_strcasecmp (intended_hostname,
get_default_keyserver (1)));
"hkps.pool.sks-keyservers.net"));
/* If the user has not specified a CA list, and they are looking
* for the hkps pool from sks-keyservers.net, then default to