mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

dirmngr: Align the gnutls use of CAs with the ntbtls code.

* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--

The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate.  This patch aligns it
so that we don't need to wonder about different kinds of bug reports.
In short the special cert is now the only cert used with the default
keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2020-09-10 09:13:59 +02:00
parent 7de9ed521e
commit e4f3b74c91
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 18 additions and 10 deletions

@ -77,8 +77,10 @@ gnupg_http_tls_verify_cb (void *opaque,
validate_flags = VALIDATE_FLAG_TLS;
/* If we are using the standard hkps:// pool use the dedicated
* root certificate. */
/* If we are using the standard hkps:// pool use the dedicated root
* certificate. Note that this differes from the GnuTLS
* implementation which uses this special certificate only if no
* other certificates are configured. */
hostname = ntbtls_get_hostname (tls);
if (hostname
&& !ascii_strcasecmp (hostname, get_default_keyserver (1)))
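Review bot: The four-line comment above the `ntbtls_get_hostname (tls)` call states that this path differs from the GnuTLS implementation, "which uses this special certificate only if no other certificates are configured", yet the commit message says the special cert is now the only cert used with the default keyserver on the gnutls side as well. If the two backends behave the same after this commit, the note describes the previous GnuTLS behaviour and should be dropped or reworded so the comment does not mislead someone auditing which trust anchors apply to the default pool. If they still differ, the commit message should say in what way. The word "differes" in that comment should read "differs".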