blob: 6a0e77858ef231fff2fb1577710ad415323c3129 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 30 Jun 2019 11:54:35 -0400
Subject: dirmngr: Only use SKS pool CA for SKS pool
* dirmngr/http.c (http_session_new): when checking whether the
keyserver is the HKPS pool, check specifically against the pool name,
as ./configure might have been used to select a different default
keyserver. It makes no sense to apply Kristian's certificate
authority to anything other than the literal host
hkps.pool.sks-keyservers.net.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
dirmngr/http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 5e3f17c..40160e0 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -768,7 +768,7 @@ http_session_new (http_session_t *r_session,
is_hkps_pool = (intended_hostname
&& !ascii_strcasecmp (intended_hostname,
- get_default_keyserver (1)));
+ "hkps.pool.sks-keyservers.net"));
/* If we are looking for the hkps pool from sks-keyservers.net,
* then forcefully use its dedicated certificate authority. */
|
