From 4ce96162f089e62d0d27ab305c227e0823439c10 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 19 Aug 2019 17:34:10 +0200 Subject: net: Drop SKS pool in favor of keys.openpgp.org. --- ffi/examples/configure.c | 2 +- ffi/examples/keyserver.c | 2 +- ffi/include/sequoia/net.h | 9 ++++----- ffi/lang/python/sequoia/net.py | 4 ++-- ffi/src/net.rs | 13 ++++++------- net/src/lib.rs | 16 ++++++---------- net/src/sks-keyservers.netCA.der | Bin 1423 -> 0 bytes store/src/backend/mod.rs | 2 +- tool/src/sq.rs | 2 +- 9 files changed, 22 insertions(+), 28 deletions(-) delete mode 100644 net/src/sks-keyservers.netCA.der diff --git a/ffi/examples/configure.c b/ffi/examples/configure.c index 37401047..ca3d781a 100644 --- a/ffi/examples/configure.c +++ b/ffi/examples/configure.c @@ -31,7 +31,7 @@ main (int argc, char **argv) error (1, 0, "Initializing sequoia failed: %s", pgp_error_to_string (err)); - ks = sq_keyserver_sks_pool (ctx); + ks = sq_keyserver_keys_openpgp_org (ctx); if (ks == NULL) { pgp_error_t err = sq_context_last_error (ctx); diff --git a/ffi/examples/keyserver.c b/ffi/examples/keyserver.c index 3a0acae7..715795d8 100644 --- a/ffi/examples/keyserver.c +++ b/ffi/examples/keyserver.c @@ -29,7 +29,7 @@ main (int argc, char **argv) error (1, 0, "Initializing sequoia failed: %s", pgp_error_to_string (err)); - ks = sq_keyserver_sks_pool (ctx); + ks = sq_keyserver_keys_openpgp_org (ctx); if (ks == NULL) { pgp_error_t err = sq_context_last_error (ctx); diff --git a/ffi/include/sequoia/net.h b/ffi/include/sequoia/net.h index 4e2f030b..8b74f727 100644 --- a/ffi/include/sequoia/net.h +++ b/ffi/include/sequoia/net.h 
@@ -34,15 +34,14 @@ sq_keyserver_t sq_keyserver_with_cert (sq_context_t ctx, size_t len); /*/ -/// Returns a handle for the SKS keyserver pool. +/// Returns a handle for keys.openpgp.org. /// -/// The pool `hkps://hkps.pool.sks-keyservers.net` provides HKP -/// services over https. It is authenticated using a certificate -/// included in this library. It is a good default choice. +/// The server at `hkps://keys.openpgp.org` distributes updates for +/// OpenPGP certificates. It is a good default choice. /// /// Returns `NULL` on errors. /*/ -sq_keyserver_t sq_keyserver_sks_pool (sq_context_t ctx); +sq_keyserver_t sq_keyserver_keys_openpgp_org (sq_context_t ctx); /*/ /// Frees a keyserver object. diff --git a/ffi/lang/python/sequoia/net.py b/ffi/lang/python/sequoia/net.py index c5f4a7f4..a89c4e4f 100644 --- a/ffi/lang/python/sequoia/net.py +++ b/ffi/lang/python/sequoia/net.py @@ -19,8 +19,8 @@ class KeyServer(SQObject): return KeyServer(ks, context=ctx) @classmethod - def sks_pool(cls, ctx): - return KeyServer(lib.sq_keyserver_sks_pool(ctx.ref()), + def keys_openpgp_org(cls, ctx): + return KeyServer(lib.sq_keyserver_keys_openpgp_org(ctx.ref()), context=ctx) def get(self, keyid): diff --git a/ffi/src/net.rs b/ffi/src/net.rs index 5709e09a..29e46458 100644 --- a/ffi/src/net.rs +++ b/ffi/src/net.rs @@ -22,7 +22,7 @@ //! pgp_tpk_t tpk; //! //! ctx = sq_context_new (NULL); -//! ks = sq_keyserver_sks_pool (ctx); +//! ks = sq_keyserver_keys_openpgp_org (ctx); //! id = pgp_keyid_from_bytes ((uint8_t *) "\x24\x7F\x6D\xAB\xC8\x49\x14\xFE"); //! tpk = sq_keyserver_get (ctx, ks, id); //! ``` 
@@ -89,18 +89,17 @@ fn sq_keyserver_with_cert(ctx: *mut Context, ffi_try_box!(KeyServer::with_cert(&ctx.c, &uri, cert)) } -/// Returns a handle for the SKS keyserver pool. +/// Returns a handle for keys.openpgp.org. /// -/// The pool `hkps://hkps.pool.sks-keyservers.net` provides HKP -/// services over https. It is authenticated using a certificate -/// included in this library. It is a good default choice. +/// The server at `hkps://keys.openpgp.org` distributes updates for +/// OpenPGP certificates. It is a good default choice. /// /// Returns `NULL` on errors. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" -fn sq_keyserver_sks_pool(ctx: *mut Context) -> *mut KeyServer { +fn sq_keyserver_keys_openpgp_org(ctx: *mut Context) -> *mut KeyServer { let ctx = ffi_param_ref_mut!(ctx); ffi_make_fry_from_ctx!(ctx); - ffi_try_box!(KeyServer::sks_pool(&ctx.c)) + ffi_try_box!(KeyServer::keys_openpgp_org(&ctx.c)) } /// Frees a keyserver object. diff --git a/net/src/lib.rs b/net/src/lib.rs index ad023d67..e37e6ece 100644 --- a/net/src/lib.rs +++ b/net/src/lib.rs @@ -26,7 +26,7 @@ //! # fn f() -> Result<()> { //! let mut core = Core::new().unwrap(); //! let ctx = Context::new()?; -//! let mut ks = KeyServer::sks_pool(&ctx)?; +//! let mut ks = KeyServer::keys_openpgp_org(&ctx)?; //! let keyid = KeyID::from_hex("31855247603831FD").unwrap(); //! println!("{:?}", core.run(ks.get(&keyid))); //! Ok(()) 
@@ -127,16 +127,12 @@ impl KeyServer { Self::make(ctx, client, uri) } - /// Returns a handle for the SKS keyserver pool. + /// Returns a handle for keys.openpgp.org. /// - /// The pool `hkps://hkps.pool.sks-keyservers.net` provides HKP - /// services over https. It is authenticated using a certificate - /// included in this library. It is a good default choice. - pub fn sks_pool(ctx: &Context) -> Result { - let uri = "hkps://hkps.pool.sks-keyservers.net"; - let cert = Certificate::from_der( - include_bytes!("sks-keyservers.netCA.der")).unwrap(); - Self::with_cert(ctx, uri, cert) + /// The server at `hkps://keys.openpgp.org` distributes updates + /// for OpenPGP certificates. It is a good default choice. + pub fn keys_openpgp_org(ctx: &Context) -> Result { + Self::new(ctx, "hkps://keys.openpgp.org") } /// Common code for the above functions. diff --git a/net/src/sks-keyservers.netCA.der b/net/src/sks-keyservers.netCA.der deleted file mode 100644 index 80ca132b..00000000 Binary files a/net/src/sks-keyservers.netCA.der and /dev/null differ diff --git a/store/src/backend/mod.rs b/store/src/backend/mod.rs index 6312373f..6351a676 100644 --- a/store/src/backend/mod.rs +++ b/store/src/backend/mod.rs @@ -896,7 +896,7 @@ impl KeyServer { let ctx = core::Context::configure() .network_policy(network_policy).build()?; - let keyserver = net::KeyServer::sks_pool(&ctx)?; + let keyserver = net::KeyServer::keys_openpgp_org(&ctx)?; Ok((KeyServer::new(c.clone(), id), fingerprint.to_keyid(), diff --git a/tool/src/sq.rs b/tool/src/sq.rs index 0e8a1439..02350b38 100644 --- a/tool/src/sq.rs +++ b/tool/src/sq.rs @@ -304,7 +304,7 @@ fn real_main() -> Result<(), failure::Error> { let mut ks = if let Some(uri) = m.value_of("server") { KeyServer::new(&ctx, &uri) } else { - KeyServer::sks_pool(&ctx) + KeyServer::keys_openpgp_org(&ctx) }.context("Malformed keyserver URI")?; match m.subcommand() { -- cgit v1.2.3
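Review bot: In the net/src/lib.rs hunk, `keys_openpgp_org` builds the client with `Self::new` where `sks_pool` used `Self::with_cert` and a CA compiled into the crate, and neither the new code nor its doc comment records what now authenticates the default server. `KeyServer::new` is defined outside this hunk; assuming it validates against the TLS backend's default roots, the trust anchor widens from one bundled CA to every root the host trusts, and the store backend and `sq` hunks below inherit that as their default. I would add a line to the doc comment such as `/// The TLS connection is validated against the default trust roots; use with_cert to pin a specific certificate.`. The rewritten comments on `sq_keyserver_keys_openpgp_org` in ffi/include/sequoia/net.h and ffi/src/net.rs dropped the same sentence about authentication and would take the equivalent line.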