gnupg: apply default server CA verification patch (ba23c14b) · Commits · jan / nixpkgs

Unverified Commit ba23c14b authored Jun 30, 2019 by

Alyssa Ross

gnupg: apply default server CA verification patch

See discussion at
https://github.com/NixOS/nixpkgs/pull/63952#issuecomment-507048690

.

Upstream commit:

commit 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date:   Sun Jun 30 11:54:35 2019 -0400

    dirmngr: Only use SKS pool CA for SKS pool

    * dirmngr/http.c (http_session_new): when checking whether the
    keyserver is the HKPS pool, check specifically against the pool name,
    as ./configure might have been used to select a different default
    keyserver.  It makes no sense to apply Kristian's certificate
    authority to anything other than the literal host
    hkps.pool.sks-keyservers.net.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    GnuPG-Bug-Id: 4593

parent c727083e

Hide whitespace changes

Inline Side-by-side

Please register or to comment