dirmngr: Use sks-keyservers CA by default for the hkps pool.

* dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem. * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert. * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new. -- Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor. Co-authored-by: wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-10-19 23:48:30 -04:00 · 2015-10-19 23:48:30 -04:00 · afb8696126
commit afb8696126
parent 361820a3be
6 changed files with 36 additions and 5 deletions
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@ -262,7 +262,7 @@ main (int argc, char **argv)
  http_register_tls_callback (verify_callback);
  http_register_tls_ca (cafile);

-  err = http_session_new (&session, NULL);
+  err = http_session_new (&session, NULL, NULL);
  if (err)
    log_error ("http_session_new failed: %s\n", gpg_strerror (err));