sks-keyservers.netCA.pem should get shipped in the signed and
distributed tarball, to facilitate hkps connections to the keyserver
pool.
Description
Description
Details
Details
- Version
- 2.1.10
Related Objects
Related Objects
Event Timeline
Comment Actions
I'm attaching an updated patch that doesn't just ship sks-keyservers.netCA.pem
in the distributed tarball, but installs it during "make install" in pkgdatadir,
and then checks during query time to see if it should be used.
In particular, if the user asks for "hkps://hkps.pool.sks-keyservers.net" and
they haven't specified any hkp-cacert argument in dirmngr, it automatically
tries to load the bundled cert.
Comment Actions
Thanks. I did some modifications and also fixed an unrelated bug in the
detection of the poolname. Will go into 2.1.11.