Dirmngr now supports hkps

Werner Koch wk at gnupg.org
Mon May 19 10:10:53 CEST 2014

On Thu,  8 May 2014 20:28, gnupg-devel at spodhuis.org said:

> they want to be able to select a CA based on the pool.  The current
> design of CA management/selection for keyservers in GnuPG, including the
> new dirmngr support, has to use the pool name in TLS SNI and Host: to

I changed that.  If Dirmngr figures that the given keyserver is a pool
(more than one A or AAAA record), it uses the canonical name of the pool
for Host and SNI.  If it is not a pool the name is passed
verbatim to the http layer.

I also added some debug code to print the server certificates on failure.
DNS names are missing in the output but will be added soon.



Thoughts are free.  Exceptions are regulated by a federal law.
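
The name selection described in the message above, as an added Python example; it is not Dirmngr's code. The function names, the injectable resolver, the sample hostnames and addresses (all constructed), and the fallback to the given name when the resolver returns no canonical name are assumptions.

```python
import socket

def tls_name_for_keyserver(host, port=443, resolve=socket.getaddrinfo):
    """Return (name, is_pool): the name to send as TLS SNI and HTTP Host.

    A keyserver counts as a pool when it resolves to more than one
    distinct A/AAAA address; only then is the canonical name used.
    """
    infos = resolve(host, port, type=socket.SOCK_STREAM,
                    flags=socket.AI_CANONNAME)
    addrs = {i[4][0] for i in infos
             if i[0] in (socket.AF_INET, socket.AF_INET6)}
    # With AI_CANONNAME the canonical name is carried by the first entry.
    canon = next((i[3] for i in infos if i[3]), "")
    is_pool = len(addrs) > 1
    # Assumption: without a canonical name, fall back to the given name.
    name = canon.rstrip(".") if is_pool and canon else host
    return name, is_pool

def host_header(host, port=443, resolve=socket.getaddrinfo):
    """Build the Host: header line that matches the SNI name."""
    name, _ = tls_name_for_keyserver(host, port, resolve)
    return f"Host: {name}" if port == 443 else f"Host: {name}:{port}"

def constructed_resolver(records):
    """Offline stand-in for getaddrinfo, fed with constructed records."""
    def resolve(host, port, type=0, flags=0):
        canon, addrs = records[host]
        out = []
        for n, addr in enumerate(addrs):
            v6 = ":" in addr
            fam = socket.AF_INET6 if v6 else socket.AF_INET
            sockaddr = (addr, port, 0, 0) if v6 else (addr, port)
            out.append((fam, type, 6, canon if n == 0 else "", sockaddr))
        return out
    return resolve

# Constructed sample data (documentation address ranges, example domains).
SAMPLE = constructed_resolver({
    "keys.example.org": ("hkps.pool.example.net.",
                         ["192.0.2.10", "192.0.2.11", "2001:db8::10"]),
    "keys.example.com": ("node7.example.com.", ["192.0.2.20"]),
    "bare.example.org": ("", ["192.0.2.30", "192.0.2.31"]),
})

if __name__ == "__main__":
    for h in ("keys.example.org", "keys.example.com", "bare.example.org"):
        print(h, "->", tls_name_for_keyserver(h, resolve=SAMPLE))
```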
