dirmngr: Use sks-keyservers CA by default for the hkps pool.
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Tue, 20 Oct 2015 03:48:30 +0000 (23:48 -0400)
committerWerner Koch <wk@gnupg.org>
Fri, 22 Jan 2016 10:53:49 +0000 (11:53 +0100)
commitafb8696126ff0babaab23e884ff5da008281e3b7
tree371c8a68e6a42b04da8a2e8e3bbcc9c91e6ddd2d
parent361820a3be48def2237f734d1383633891972f62
dirmngr: Use sks-keyservers CA by default for the hkps pool.

* dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
* dirmngr/http.c (http_session_new): Add optional arg
intended_hostname and set a default cert.
* dirmngr/ks-engine-hkp.c (send_request): Pass httphost to
http_session_new.
--

Ship the certificate for the sks-keyservers hkps pool.  If the user
has specified that they want to use
hkps://hkps.pool.sks-keyservers.net, and they have not specified any
hkp-cacert explicitly, then initialize the trust path with this
specific trust anchor.

Co-authored-by: wk@gnupg.org
Signed-off-by: Werner Koch <wk@gnupg.org>
dirmngr/Makefile.am
dirmngr/http.c
dirmngr/http.h
dirmngr/ks-engine-hkp.c
dirmngr/ks-engine-http.c
dirmngr/t-http.c