
dirmngr: Register hkp-cacert even if the file doesn't exist yet

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

dirmngr: Register hkp-cacert even if the file doesn't exist yet

* dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
an argument for hkp-cacert into an absolute filename, terminate
completely.
* dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
immediately accessible, but register it anyway.

Without this changeset, the condition of the filesystem when dirmngr
is initialized will have an effect on later activities of dirmngr.

For example, if a file identified by a hkp-cacert directive doesn't
exist when dirmngr starts, dirmngr will behave as though it simply
didn't have the hkp-cacert directive set at all, even if the file
should appear later.

dirmngr currently behaves differently if no hkp-cacert directives have
been set than it does when at least one hkp-cacert directive has been
set. For example, its choice of CA cert for
hkps://hkps.pool.sks-keyservers.net depends on whether a TLS CA file
has been registered. That behavior shouldn't additionally depend on
the state of the filesystem at the time of dirmngr launch.

  • Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
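
The startup-versus-use-time distinction the commit message describes, as an added C sketch that is not GnuPG's code: every function name, the fixed-size list and the constructed /tmp path are hypothetical. `register_ca_strict` drops a file that is missing at registration time, while `register_ca_lenient` warns and registers it anyway, so a file that appears later is still picked up.

```c
/* Added illustration, not GnuPG source; every name here is hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
static const char *ca_list[8];
static int ca_count;
static int add_ca (const char *fname)
{
  if (ca_count >= 8) return -1;
  ca_list[ca_count++] = fname;
  return 0;
}

/* Startup check decides registration: a file missing now is dropped. */
static int register_ca_strict (const char *fname)
{
  return access (fname, R_OK) ? -1 : add_ca (fname);
}

/* Warn if the file is not accessible now, but register it anyway. */
static int register_ca_lenient (const char *fname)
{
  if (access (fname, R_OK))
    fprintf (stderr, "warning: can't access '%s' yet\n", fname);
  return add_ca (fname);
}

/* File absent at startup, created later: count CAs readable at use time. */
int demo (int lenient)
{
  static char path[64];   /* constructed sample path */
  int fd, i, n = 0;
  snprintf (path, sizeof path, "/tmp/cacert-demo-%ld.pem", (long) getpid ());
  unlink (path);
  ca_count = 0;
  if (lenient) register_ca_lenient (path); else register_ca_strict (path);
  if ((fd = open (path, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return -1;
  close (fd);
  for (i = 0; i < ca_count; i++)
    n += !access (ca_list[i], R_OK);
  unlink (path);
  return n;
}

int main (void)
{
  printf ("strict: %d usable, lenient: %d usable\n", demo (0), demo (1));
  return 0;
}
```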

Details

Provenance
dkg authored on Oct 28 2016, 12:30 AM
werner committed on Nov 17 2016, 3:29 PM
Parents
rG5210ff70bc79: doc: Typo fixes.
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rGc4e02a3b7ad6: dirmngr: Register hkp-cacert even if the file doesn't exist yet (authored by Daniel Kahn Gillmor <dkg@fifthhorseman.net>). Nov 17 2016, 3:29 PM