gnupg/dirmngr
Daniel Kahn Gillmor 7c1613d415
dirmngr: Add system CAs if no hkp-cacert is given
* dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
the HKPS pool, and they have not specified any hkp-cacert, then we
should default to the system CAs, rather than nothing.
* doc/dirmngr.texi: Document choice of CAs.

--

Consider three possible classes of dirmngr configuration:

 a) no hkps:// keyserver URLs at all (communication with keyservers is
    entirely in the clear)

 b) hkps:// keyserver URLs, but no hkp-cacert directives

 c) hkps:// keyserver URLs, and at least one hkp-cacert directive

class (a) provides no confidentiality of requests.

class (b) currently will never work because the server certificate
cannot be validated.

class (c) is currently supported as intended.

This patch allows users with configurations in class (b) to work as
most users expect (relying on the system certificate authorities),
without affecting users in classes (a) or (c).

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

o minor indentation fix
  - wk
2016-11-17 15:29:35 +01:00
ChangeLog-2011 Remove the obsolete keyserver directory from the repo. 2015-04-20 18:20:45 +02:00
ChangeLog-2011-ks Remove the obsolete keyserver directory from the repo. 2015-04-20 18:20:45 +02:00
Makefile.am dirmngr: Add command to only load the swdb. 2016-11-16 21:22:39 +01:00
OAUTHORS Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
ONEWS Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
cdb.h Tweaks for gpgconf. 2010-12-14 19:17:58 +00:00
cdblib.c move some file encodings to UTF-8 2016-09-17 15:57:31 +09:00
certcache.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
certcache.h Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
crlcache.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
crlcache.h move some file encodings to UTF-8 2016-09-17 15:57:31 +09:00
crlfetch.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
crlfetch.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
dirmngr-client.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
dirmngr-err.h Some work on porting dirmngr (unfinished) 2010-07-16 13:19:45 +00:00
dirmngr.c dirmngr: Register hkp-cacert even if the file doesn't exist yet 2016-11-17 15:29:35 +01:00
dirmngr.h dirmngr: Auto-download the swdb.lst 2016-11-17 10:14:14 +01:00
dirmngr_ldap.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
dns-stuff.c dirmngr: Improve concurrency in the non-adns case. 2016-11-10 11:41:53 +01:00
dns-stuff.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
http.c dirmngr: Add system CAs if no hkp-cacert is given 2016-11-17 15:29:35 +01:00
http.h dirmngr: Prepare to trigger jobs by network activity. 2016-11-11 17:30:23 +01:00
ks-action.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ks-action.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ks-engine-finger.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ks-engine-hkp.c dirmngr: Improve concurrency in the non-adns case. 2016-11-10 11:41:53 +01:00
ks-engine-http.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ks-engine-kdns.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ks-engine-ldap.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ks-engine.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ldap-parse-uri.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ldap-parse-uri.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ldap-url.c dirmngr: Simplify strtok macro. 2014-03-07 19:00:31 +01:00
ldap-url.h Merged Dirmngr with GnuPG. 2010-06-09 16:53:51 +00:00
ldap-wrapper-ce.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ldap-wrapper.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ldap-wrapper.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
ldap.c dirmngr: Avoid casting away a const from an char**. 2015-11-27 17:10:59 +01:00
ldapserver.c Improve spelling and grammar of some comments. 2015-03-23 19:58:30 +01:00
ldapserver.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
loadswdb.c dirmngr: Improve downloading of swdb.lst. 2016-11-17 10:08:20 +01:00
misc.c dirmngr: Indicate that serial numbers are hexadecimal. 2016-01-22 12:54:02 +01:00
misc.h dirmngr: Indicate that serial numbers are hexadecimal. 2016-01-22 12:54:02 +01:00
ocsp.c dirmngr: Remove all system daemon features. 2016-08-18 11:23:40 +02:00
ocsp.h Merged Dirmngr with GnuPG. 2010-06-09 16:53:51 +00:00
server.c dirmngr: Add command to only load the swdb. 2016-11-16 21:22:39 +01:00
sks-keyservers.netCA.pem dirmngr: Add support for hkps keyservers. 2014-05-05 16:23:37 +02:00
t-dns-stuff.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-http.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-ldap-parse-uri.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-support.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
tls-ca.pem Move http module from common/ to dirmngr/. 2015-10-18 20:08:26 +02:00
validate.c dirmngr: Remove all system daemon features. 2016-08-18 11:23:40 +02:00
validate.h Merged Dirmngr with GnuPG. 2010-06-09 16:53:51 +00:00
w32-ldap-help.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00