dirmngr: Use sks-keyservers CA by default for the hkps pool.

* dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem. * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert. * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new. -- Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor. Co-authored-by: wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-10-19 23:48:30 -04:00 · 2015-10-19 23:48:30 -04:00 · afb8696126
commit afb8696126
parent 361820a3be
6 changed files with 36 additions and 5 deletions
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@ -98,7 +98,8 @@ void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
 void http_register_tls_ca (const char *fname);

 gpg_error_t http_session_new (http_session_t *r_session,
-                              const char *tls_priority);
+                              const char *tls_priority,
+                              const char *intended_hostname);
 http_session_t http_session_ref (http_session_t sess);
 void http_session_release (http_session_t sess);