Page MenuHome GnuPG

ship sks-keyservers.netCA.pem in distributed tarball
Closed, ResolvedPublic

Description

sks-keyservers.netCA.pem should get shipped in the signed and
distributed tarball, to facilitate hkps connections to the keyserver
pool.

Details

Version
2.1.10

Event Timeline

I'm attaching an updated patch that doesn't just ship sks-keyservers.netCA.pem
in the distributed tarball, but installs it during "make install" in pkgdatadir,
and then checks during query time to see if it should be used.

In particular, if the user asks for "hkps://hkps.pool.sks-keyservers.net" and
they haven't specified any hkp-cacert argument in dirmngr, it automatically
tries to load the bundled cert.

werner added a subscriber: werner.

Thanks. I did some modifications and also fixed an unrelated bug in the
detection of the poolname. Will go into 2.1.11.

werner claimed this task.
werner removed a project: Restricted Project.