dirmngr: Reduce default LDAP timeout to 15 seconds.
[gnupg.git] / dirmngr / http-ntbtls.c
index d44b779..ea66a4d 100644 (file)
@@ -26,7 +26,7 @@
 #include "dirmngr.h"
 #include "certcache.h"
 #include "validate.h"
-#include "misc.h"
+#include "http-common.h"
 
 #ifdef HTTP_USE_NTBTLS
 # include <ntbtls.h>
@@ -91,6 +91,12 @@ gnupg_http_tls_verify_cb (void *opaque,
         validate_flags |= VALIDATE_FLAG_TRUST_HKP;
       if ((http_flags & HTTP_FLAG_TRUST_SYS))
         validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
+
+      /* If HKP trust is requested and there are no HKP certificates
+       * configured, also try thye standard system certificates.  */
+      if ((validate_flags & VALIDATE_FLAG_TRUST_HKP)
+          && !cert_cache_any_in_class (CERTTRUST_CLASS_HKP))
+        validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
     }
 
   if ((http_flags & HTTP_FLAG_NO_CRL))