Check system CA's if cacert file doesn't include a valid CA for a hkps keyserver
Reported by Luke Le | December 13th, 2014 @ 10:48 PM | in 2.0.26b3 (closed)
Curl is by default not telling gnutls to lookup OS X keychain
for a valid CA when connecting to a keyserver.
Our patch adds this functionality if there's no ca-cert file
specifically specified in gpg.conf
If there is a ca-cert file specified, only that will be checked for
valid CAs.
Also, to support hkps connections to the sks-keyservers without additional configuration, macgpg2 bundles the CA cert file for sks-keyservers and curl uses that one by default.
Comments and changes to this ticket
-
Support December 19th, 2014 @ 10:39 AM
- State changed from “new” to “fixed”
(from [c13b378e842fa3e4dc74f5df52a57494fa9fdae3]) [FIX] Search system CA's if the default cacert doesn't include a valid CA [#146 state:fixed]
- By default we only ship the certificate for sks-keyservers
- If the default cacert is not overwritten with a custom one, the system CA (keychain lookup) is checked for a valid CA.
- Adds the functionality to lookup the system CA via gnutls directly to curl. https://github.com/GPGTools/MacGPG2/commit/c13b378e842fa3e4dc74f5df...
-
steve December 19th, 2014 @ 05:42 PM
- State changed from “fixed” to “verified”
-
steve December 30th, 2014 @ 07:31 PM
- Milestone changed from “2.0.27” to “2.0.26b3”
-
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Luke Le
Mento
steve