mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
dirmngr: Change the default keyserver.
* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
keyserver.ubuntu.com.
* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/http.c (http_session_new): Ditto.
* dirmngr/server.c (make_keyserver_item): Use a different mapping for
the gnupg.net names.
--
Due to the unfortunate shutdown of the keyserver pool, the long term
defaults won't work anymore. Thus it is better to change them.
For https access keyserver.ubuntu.com is now used because it can be
expected that this server can stand the load from newer gnupg LTS
versions.
For http based access the Dutch Surfnet keyserver is used. However
due to a non-standard TLS certificate this server can not easily be
made the default for https.
Note that the default server will be changed again as soon as a new
connected keyserver infrastructure has been established.
(cherry picked from commit 47c4e3e00a)
This commit is contained in:
parent 8b1fb97861
commit 55b5928099
7 changed files with 60 additions and 57 deletions
|
@ -321,9 +321,8 @@ provided. These are the same as the @option{--keyserver-options} of
|
|||
@command{gpg}, but apply only to this particular keyserver.
|
||||
|
||||
Most keyservers synchronize with each other, so there is generally no
|
||||
need to send keys to more than one server. The keyserver
|
||||
@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
|
||||
keyserver each time you use it.
|
||||
need to send keys to more than one server. Somes keyservers use round
|
||||
robin DNS to give a different keyserver each time you use it.
|
||||
|
||||
If exactly two keyservers are configured and only one is a Tor hidden
|
||||
service (.onion), Dirmngr selects the keyserver to use depending on
|
||||
|
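Review bot: The added line "Somes keyservers use round" has a typo and should read "Some keyservers use round". The unchanged context sentence just above it still tells readers that most keyservers synchronize with each other, so sending a key to one server is enough. The commit message says the pool was shut down and that a connected keyserver infrastructure has yet to be established, so that sentence should be reworded in this same change; otherwise users will assume a key uploaded to the new default propagates to other servers.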
@ -331,7 +330,7 @@ whether Tor is locally running or not. The check for a running Tor is
|
|||
done for each new connection.
|
||||
|
||||
If no keyserver is explicitly configured, dirmngr will use the
|
||||
built-in default of @code{hkps://hkps.pool.sks-keyservers.net}.
|
||||
built-in default of @code{https://keyserver.ubuntu.com}.
|
||||
|
||||
Windows users with a keyserver running on their Active Directory
|
||||
may use the short form @code{ldap:///} for @var{name} to access this directory.
|
||||
|
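Review bot: In the added line "built-in default of @code{https://keyserver.ubuntu.com}" the scheme changes from hkps:// to https://, so please confirm it matches the value given to DIRMNGR_DEFAULT_KEYSERVER in configure.ac (not visible in this hunk) and that the manual states exactly what dirmngr uses. The default also moves from a pool name to a single host, and the commit message says it will change again, so consider saying here that this is an interim default and that users who depend on a particular server should configure it explicitly.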
@ -596,10 +595,8 @@ the file is in PEM format a suffix of @code{.pem} is expected for
|
|||
@var{file}. This option may be given multiple times to add more
|
||||
root certificates. Tilde expansion is supported.
|
||||
|
||||
If no @code{hkp-cacert} directive is present, dirmngr will make a
|
||||
reasonable choice: if the keyserver in question is the special pool
|
||||
@code{hkps.pool.sks-keyservers.net}, it will use the bundled root
|
||||
certificate for that pool. Otherwise, it will use the system CAs.
|
||||
If no @code{hkp-cacert} directive is present, dirmngr will use the
|
||||
system CAs.
|
||||
|
||||
@end table
|
||||
|
||||
|
|
|
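Review bot: The replacement text "dirmngr will use the system CAs" drops the special case for hkps.pool.sks-keyservers.net without telling users who still have that pool in their configuration what changes for them: the bundled root certificate is no longer applied, so TLS verification for that host now depends on the system CAs. Suggest adding a sentence that a keyserver whose certificate chains to a private CA needs an explicit hkp-cacert entry. The commit message already gives a non-standard TLS certificate as the reason the Surfnet server could not be made the https default, which is the same situation seen from the user's side.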
@ -57,7 +57,7 @@ Directory.
|
|||
|
||||
@mansect description
|
||||
The @command{gpg-wks-client} is used to send requests to a Web Key
|
||||
Service provider. This is usuallay done to upload a key into a Web
|
||||
Service provider. This is usually done to upload a key into a Web
|
||||
Key Directory.
|
||||
|
||||
With the @option{--supported} command the caller can test whether a
|
||||
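Review bot: The "usuallay" to "usually" correction in the gpg-wks-client description is unrelated to the keyserver default and the commit message does not mention it. Since this is a cherry-picked change, consider moving the typo fix to its own commit so the backport carries only the keyserver change.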