[Pkg-gnupg-commit] [gnupg2] 155/205: dirmngr: Use system provided root CAs with KS_FETCH.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed May 11 08:38:32 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit c3aeda82b8d00b87a5af72b4075c487c10dfdf6b
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 27 08:18:37 2016 +0200

    dirmngr: Use system provided root CAs with KS_FETCH.
    
    * dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 dirmngr/ks-engine-http.c | 4 +++-
 doc/gpg.texi             | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index b996c25..00d0c4b 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -73,7 +73,9 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
   estream_t fp = NULL;
   char *request_buffer = NULL;
 
-  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
+  /* Note that we only use the system provided certificates with the
+   * fetch command.  */
+  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS);
   if (err)
     goto leave;
   http_session_set_log_cb (session, cert_log_cb);
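
Review bot: The new comment above the http_session_new call in ks_http_fetch is ambiguous. "we only use the system provided certificates with the fetch command" can be read as "fetch trusts nothing but the system CAs" or as "fetch is the only command that trusts the system CAs". The call replaces HTTP_FLAG_TRUST_DEF with HTTP_FLAG_TRUST_SYS instead of OR-ing the two, so the first reading appears to be the intended one. Please reword the comment to say that outright and note why the TRUST_DEF set is dropped for fetch, since the commit message gives no rationale either.
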
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 781a188..0c43c55 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -476,7 +476,8 @@ only LDAP supports them all.
 @opindex fetch-keys
 Retrieve keys located at the specified URIs. Note that different
 installations of GnuPG may support different protocols (HTTP, FTP,
-LDAP, etc.)
+LDAP, etc.).  When using HTTPS the system provided root certificates
+are used by this command.
 
 @item --update-trustdb
 @opindex update-trustdb
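
Review bot: The added sentence in the fetch-keys entry does not tell the reader whether the system root certificates are the only trust anchors for HTTPS fetches or are used in addition to others, while the code comment in ks-engine-http.c says "only". The documentation should match the code, for example "When using HTTPS, only the system provided root certificates are trusted by this command", so that a user does not assume other certificate settings apply to fetch. A comma after "When using HTTPS" would also read better.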

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


