From: Daniel Kahn Gillmor Date: Sun, 30 Jun 2019 15:54:35 +0000 (-0400) Subject: dirmngr: Only use SKS pool CA for SKS pool X-Git-Tag: archive/raspbian/2.2.12-1+rpi1+deb10u2^2~7 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f4ab35146fc69926ff7f36f951237da106a02836;p=gnupg2.git dirmngr: Only use SKS pool CA for SKS pool * dirmngr/http.c (http_session_new): when checking whether the keyserver is the HKPS pool, check specifically against the pool name, as ./configure might have been used to select a different default keyserver. It makes no sense to apply Kristian's certificate authority to anything other than the literal host hkps.pool.sks-keyservers.net. Signed-off-by: Daniel Kahn Gillmor (cherry picked from commit 3233382068b7c477907daac697164b81ae45a7f4) Gbp-Pq: Topic keyserver-cleanup Gbp-Pq: Name dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch --- diff --git a/dirmngr/http.c b/dirmngr/http.c index 1ba8e79..869e146 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session, is_hkps_pool = (intended_hostname && !ascii_strcasecmp (intended_hostname, - get_default_keyserver (1))); + "hkps.pool.sks-keyservers.net")); /* If the user has not specified a CA list, and they are looking * for the hkps pool from sks-keyservers.net, then default to
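Review bot: in the `is_hkps_pool` assignment of `http_session_new`, the pool name is an inline string literal. It would be safer as a named macro (for example a hypothetical `HKPS_POOL_HOSTNAME`) defined beside the pool CA it gates, so the hostname and the certificate trusted for it stay tied together in one place. The comparison remains an exact, case-insensitive match via `ascii_strcasecmp` and still guards against a NULL `intended_hostname`, which is the right shape for a trust decision. It would help to extend the comment that follows ("If the user has not specified a CA list, and they are looking for the hkps pool from sks-keyservers.net ...") to say explicitly that the check is against the literal pool name and no longer follows the default keyserver chosen at `./configure` time, so a later reader does not restore `get_default_keyserver (1)` here.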