This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new ddd2653 SKS keyserver is no more
ddd2653 is described below
commit ddd265374bc1106189dd62a7dd4a6e1767681b4b
Author: Sebb <[email protected]>
AuthorDate: Mon Aug 9 23:22:27 2021 +0100
SKS keyserver is no more
---
www/secretary/workbench/config.rb | 15 ---------------
.../workbench/views/actions/check-signature.json.rb | 19 -------------------
2 files changed, 34 deletions(-)
diff --git a/www/secretary/workbench/config.rb
b/www/secretary/workbench/config.rb
index 59fcac9..767c03e 100644
--- a/www/secretary/workbench/config.rb
+++ b/www/secretary/workbench/config.rb
@@ -15,18 +15,3 @@ end
#
GNUPGHOME = (Dir.exist?('/srv/gpg') ? '/srv/gpg' : nil)
-
-# sks keyserver certificate locations for use with hkps.pool.sks-keyservers.net
-# - whimsy on ubuntu
-# - macos
-%w{
- /usr/share/gnupg/sks-keyservers.netCA.pem
- /usr/share/gnupg2/sks-keyservers.netCA.pem
- /usr/local/gnupg-2.2/share/gnupg/sks-keyservers.netCA.pem
- /usr/local/share/gnupg/sks-keyservers.netCA.pem
- }.each do |cert|
- if File.exist? cert
- SKS_KEYSERVER_CERT = cert
- break
- end
-end
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb
b/www/secretary/workbench/views/actions/check-signature.json.rb
index 3567b1b..5d3ee48 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -14,12 +14,6 @@ ENV['GNUPGHOME'] = GNUPGHOME if GNUPGHOME
# gozer.rediris.es certificate has expired
KEYSERVERS = %w{keys.openpgp.org}
-# Obtained from
https://dl.cacerts.digicert.com/TERENASSLHighAssuranceCA3.crt.pem
-# Originally needed by gozer host, possibly others?
-TERENA_CERT =
'/srv/whimsy/www/secretary/workbench/TERENA_SSL_High_Assurance_CA_3.pem'
-# FTR, the certificate expires Nov 18 12:00:00 2024 GMT, according to:
-# openssl x509 -noout -text -in TERENASSLHighAssuranceCA3.crt.pem
-
# ** N.B. ensure the keyserver URI is known below **
def getServerURI(server, keyid)
if server == 'keys.openpgp.org'
@@ -47,19 +41,6 @@ def getURI(uri, file)
uri = URI.parse(uri)
opts = {use_ssl: uri.scheme == 'https'}
# The pool needs a special CA cert
- if uri.host == 'hkps.pool.sks-keyservers.net'
- unless defined? SKS_KEYSERVER_CERT
- raise ArgumentError, "Cannot use #{uri} as there is no definition for
SKS_KEYSERVER_CERT"
- end
-
- opts[:ca_file] = SKS_KEYSERVER_CERT
- elsif uri.host.end_with? '.rediris.es'
- require 'openssl'
- store = OpenSSL::X509::Store.new
- store.set_default_paths
- store.add_file(TERENA_CERT)
- opts[:cert_store] = store
- end
Net::HTTP.start(uri.host, uri.port, opts ) do |https|
https.request_get(uri.request_uri) do |res|
unless res.code == "200"
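Review bot: The comment `# The pool needs a special CA cert` survives as context in getURI although the branch it described is removed, so it now sits directly above `Net::HTTP.start` and implies a custom CA is still being applied. I would drop it, or replace it with `# TLS verification relies on the default trust store; no per-host CA overrides`. With both overrides gone, `opts` carries only `use_ssl`, so certificate checking presumably falls back to Net::HTTP's defaults. It is worth confirming that this is intended for every host in KEYSERVERS. getURI starts before this hunk and continues past it.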