1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Daniel Kahn Gillmor 7c1613d415
dirmngr: Add system CAs if no hkp-cacert is given
* dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
the HKPS pool, and they have not specified any hkp-cacert, then we
should default to the system CAs, rather than nothing.
* doc/dirmngr.texi: Document choice of CAs.

--

Consider three possible classes of dirmngr configuration:

 a) no hkps:// keyserver URLs at all (communication with keyservers is
    entirely in the clear)

 b) hkps:// keyserver URLs, but no hkp-cacert directives

 c) hkps:// keyserver URLs, and at least one hkp-cacert directive

class (a) provides no confidentiality of requests.

class (b) currently will never work because the server certificate
cannot be validated.

class (c) is currently supported as intended.

This patch allows users with configurations in class (b) to work as
most users expect (relying on the system certificate authorities),
without affecting users in classes (a) or (c).

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

o minor indentation fix
  - wk
2016-11-17 15:29:35 +01:00
..
2014-12-14 12:15:21 +01:00
sm/
2006-11-14 10:23:21 +00:00
2016-08-03 17:00:40 +02:00
2016-09-20 09:32:25 +09:00
DCO
2013-04-17 11:26:27 +02:00
2003-01-09 13:24:01 +00:00
2016-09-20 09:56:22 +09:00
2010-06-10 10:39:44 +00:00
2007-07-04 19:49:40 +00:00
2007-03-08 18:31:56 +00:00
2014-07-03 11:03:22 +02:00
2016-11-17 15:29:35 +01:00
2016-09-20 16:23:02 +09:00
2007-05-08 13:59:41 +00:00
2006-08-21 20:20:23 +00:00
2016-09-17 16:00:37 +09:00
2016-09-20 09:56:22 +09:00
2008-06-25 11:14:48 +00:00
2012-11-30 12:47:49 -05:00
2016-09-20 13:02:39 +09:00
2011-08-12 14:40:47 +02:00
2016-09-17 16:00:37 +09:00
2006-12-06 16:38:34 +00:00
2016-09-20 15:41:36 +09:00