Page MenuHome GnuPG

dirmngr: hkps connections should default to system trust if --hkp-cacert is not given
Open, NormalPublic

Description

currently, if no --hkp-cacert option is provided, and the keyserver hostname is
anything but hkps.pool.sks-keyservers.net, no X.509 trust anchors are used,
which means that hkps connections from dirmngr must fail.

Instead, hkps connections from dirmngr should default to using system trust,
which could be overridden by setting hkp-cacert directly.

see initial discussion here:

https://lists.gnupg.org/pipermail/gnupg-devel/2016-July/031372.html

Details

Version
2.1.14

Event Timeline

dkg set Version to 2.1.14.
dkg added a subscriber: dkg.