dirmngr: hkps connections should default to system trust if --hkp-cacert is not given
Open, NormalPublic
Actions

Edit Task
Edit Related Tasks...
Create Subtask
Edit Parent Tasks
Edit Subtasks
Merge Duplicates In
Close As Duplicate
Edit Related Objects...
Edit Commits
Edit Mocks
Edit Revisions
Mute Notifications
Award Token

Assigned To

None

Authored By

	dkg
	Aug 1 2016, 10:31 PM

Description

currently, if no --hkp-cacert option is provided, and the keyserver hostname is
anything but hkps.pool.sks-keyservers.net, no X.509 trust anchors are used,
which means that hkps connections from dirmngr must fail.

Instead, hkps connections from dirmngr should default to using system trust,
which could be overridden by setting hkp-cacert directly.

see initial discussion here:

https://lists.gnupg.org/pipermail/gnupg-devel/2016-July/031372.html

Details

Version: 2.1.14

Event Timeline

dkg added projects: dirmngr, Bug Report.Aug 1 2016, 10:31 PM

dkg set Version to 2.1.14.

dkg added a subscriber: dkg.

• werner added a project: gnupg.Dec 1 2016, 10:35 AM

thesamesam added a subscriber: thesamesam.Sep 1 2023, 5:25 AM

dirmngr: hkps connections should default to system trust if --hkp-cacert is not givenOpen, NormalPublicActions

Description

Details

Event Timeline

dirmngr: hkps connections should default to system trust if --hkp-cacert is not given
Open, NormalPublic
Actions