security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

dirmngr: Use system provided root CAs with KS_FETCH. 

* dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-04-27 08:18:37 +02:00
parent fd765df6a7
commit c3aeda82b8
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dirmngr/ks-engine-http.c
View File

@ -73,7 +73,9 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
estream_t fp = NULL;
char *request_buffer = NULL;
err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
/* Note that we only use the system provided certificates with the
* fetch command. */
err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS);
if (err)
goto leave;
http_session_set_log_cb (session, cert_log_cb);

3
doc/gpg.texi
View File

@ -476,7 +476,8 @@ only LDAP supports them all.
@opindex fetch-keys
Retrieve keys located at the specified URIs. Note that different
installations of GnuPG may support different protocols (HTTP, FTP,
LDAP, etc.)
LDAP, etc.). When using HTTPS the system provided root certificates
are used by this command.
@item --update-trustdb
@opindex update-trustdb