Page MenuHome GnuPG
Create Task
Maniphest T2181

ship sks-keyservers.netCA.pem in distributed tarball
Closed, ResolvedPublic
Actions

Description

sks-keyservers.netCA.pem should get shipped in the signed and
distributed tarball, to facilitate hkps connections to the keyserver
pool.

Details

Version
2.1.10

Related Objects

Event Timeline

dkg added a subscriber: dkg.Dec 10 2015, 11:25 PM

D341: 735_0001-ship-sks-keyservers.netCA.pem-in-distributed-tarball.patch

dkg added projects: dirmngr, Bug Report.Dec 10 2015, 11:25 PM
dkg set Version to 2.1.10.
dkg added a comment.Dec 11 2015, 4:04 AM

D340: 736_0001-Use-sks-keyservers-CA-by-default-for-the-hkps-pool.patch

dkg added a comment.Dec 11 2015, 4:04 AM

I'm attaching an updated patch that doesn't just ship sks-keyservers.netCA.pem
in the distributed tarball, but installs it during "make install" in pkgdatadir,
and then checks during query time to see if it should be used.

In particular, if the user asks for "hkps://hkps.pool.sks-keyservers.net" and
they haven't specified any hkp-cacert argument in dirmngr, it automatically
tries to load the bundled cert.

werner added a project: gnupg.Jan 22 2016, 11:23 AM
werner added a project: Restricted Project.Jan 22 2016, 12:41 PM
werner added a subscriber: werner.

Thanks. I did some modifications and also fixed an unrelated bug in the
detection of the poolname. Will go into 2.1.11.

werner closed this task as Resolved.May 6 2016, 8:24 PM
werner claimed this task.
werner removed a project: Restricted Project.