security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

dirmngr: Align the gnutls use of CAs with the ntbtls code.

Browse source 
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--

The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate.  This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-09-10 09:13:59 +02:00
parent d4cb774ddd
commit faabc49797
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 18 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

3
dirmngr/certcache.c
View file

@ -721,6 +721,9 @@ cert_cache_init (strlist_t hkp_cacerts)
load_certs_from_dir (fname, 0);
xfree (fname);
/* Put the special pool certificate into our store. This is
* currently only used with ntbtls. For GnuTLS http_session_new
* unfortunately loads that certificate directly from the file. */
fname = make_filename_try (gnupg_datadir (),
"sks-keyservers.netCA.pem", NULL);
if (fname)