2011-11-29 13:17:20 +01:00
|
|
|
/* dns-cert.c - DNS CERT code (rfc-4398)
|
2009-12-08 17:30:33 +01:00
|
|
|
* Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc.
|
2006-06-16 13:49:27 +02:00
|
|
|
*
|
|
|
|
|
* This file is part of GNUPG.
|
|
|
|
|
*
|
Change license for some files in common to LGPLv3+/GPLv2+.
Having the LGPL on the common GnuPG code helps to share code
between GnuPG and related projects (like GPGME and Libassuan). This
is good for interoperability and to reduces bugs.
* common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
* common/b64enc.c, common/convert.c, common/dns-cert.c
* common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
* common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
* common/helpfile.c, common/homedir.c, common/http.c, common/http.h
* common/i18n.c, common/init.c, common/init.h, common/iobuf.c
* common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
* common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
* common/percent.c, common/pka.c, common/pka.h, common/session-env.c
* common/session-env.h, common/sexp-parse.h, common/sexputil.c
* common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
* common/ssh-utils.h, common/sysutils.c, common/sysutils.h
* common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
* common/userids.c, common/userids.h, common/xasprintf.c: Change
license to LGPLv3+/GPLv2+/
2012-04-20 15:43:06 +02:00
|
|
|
* This file is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of either
|
2006-06-16 13:49:27 +02:00
|
|
|
*
|
Change license for some files in common to LGPLv3+/GPLv2+.
Having the LGPL on the common GnuPG code helps to share code
between GnuPG and related projects (like GPGME and Libassuan). This
is good for interoperability and to reduces bugs.
* common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
* common/b64enc.c, common/convert.c, common/dns-cert.c
* common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
* common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
* common/helpfile.c, common/homedir.c, common/http.c, common/http.h
* common/i18n.c, common/init.c, common/init.h, common/iobuf.c
* common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
* common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
* common/percent.c, common/pka.c, common/pka.h, common/session-env.c
* common/session-env.h, common/sexp-parse.h, common/sexputil.c
* common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
* common/ssh-utils.h, common/sysutils.c, common/sysutils.h
* common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
* common/userids.c, common/userids.h, common/xasprintf.c: Change
license to LGPLv3+/GPLv2+/
2012-04-20 15:43:06 +02:00
|
|
|
* - the GNU Lesser General Public License as published by the Free
|
|
|
|
|
* Software Foundation; either version 3 of the License, or (at
|
|
|
|
|
* your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* or
|
|
|
|
|
*
|
|
|
|
|
* - the GNU General Public License as published by the Free
|
|
|
|
|
* Software Foundation; either version 2 of the License, or (at
|
|
|
|
|
* your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* or both in parallel, as here.
|
|
|
|
|
*
|
|
|
|
|
* This file is distributed in the hope that it will be useful,
|
2006-06-16 13:49:27 +02:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2007-07-04 21:49:40 +02:00
|
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
2006-06-16 13:49:27 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#ifdef USE_DNS_CERT
|
|
|
|
|
# ifdef HAVE_W32_SYSTEM
|
2009-12-08 13:20:11 +01:00
|
|
|
# include <windows.h>
|
2006-06-16 13:49:27 +02:00
|
|
|
# else
|
2009-12-08 13:20:11 +01:00
|
|
|
# include <netinet/in.h>
|
|
|
|
|
# include <arpa/nameser.h>
|
|
|
|
|
# include <resolv.h>
|
|
|
|
|
# endif
|
|
|
|
|
# include <string.h>
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef USE_ADNS
|
|
|
|
|
# include <adns.h>
|
|
|
|
|
# ifndef HAVE_ADNS_FREE
|
|
|
|
|
# define adns_free free
|
2006-06-16 13:49:27 +02:00
|
|
|
# endif
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include "util.h"
|
|
|
|
|
#include "dns-cert.h"
|
|
|
|
|
|
|
|
|
|
/* Not every installation has gotten around to supporting CERTs
|
|
|
|
|
yet... */
|
|
|
|
|
#ifndef T_CERT
|
|
|
|
|
#define T_CERT 37
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-11-28 18:11:59 +01:00
|
|
|
/* ADNS has no support for CERT yet. */
|
2009-12-08 13:20:11 +01:00
|
|
|
#define my_adns_r_cert 37
|
|
|
|
|
|
|
|
|
|
|
2011-11-29 13:17:20 +01:00
|
|
|
/* Certificate types according to RFC-4398. */
|
|
|
|
|
#define CERTTYPE_PKIX 1 /* X.509 as per PKIX. */
|
|
|
|
|
#define CERTTYPE_SPKI 2 /* SPKI certificate. */
|
|
|
|
|
#define CERTTYPE_PGP 3 /* OpenPGP packet. */
|
|
|
|
|
#define CERTTYPE_IPKIX 4 /* The URL of an X.509 data object. */
|
|
|
|
|
#define CERTTYPE_ISPKI 5 /* The URL of an SPKI certificate. */
|
|
|
|
|
#define CERTTYPE_IPGP 6 /* The fingerprint and URL of an OpenPGP packet.*/
|
|
|
|
|
#define CERTTYPE_ACPKIX 7 /* Attribute Certificate. */
|
|
|
|
|
#define CERTTYPE_IACPKIX 8 /* The URL of an Attribute Certificate. */
|
|
|
|
|
#define CERTTYPE_URI 253 /* URI private. */
|
|
|
|
|
#define CERTTYPE_OID 254 /* OID private. */
|
|
|
|
|
|
2006-06-16 13:49:27 +02:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
/* Returns 0 on success or an error code. If a PGP CERT record was
|
|
|
|
|
found, a new estream with that key will be returned at R_KEY and
|
|
|
|
|
the other return parameters are set to NULL/0. If an IPGP CERT
|
|
|
|
|
record was found the fingerprint is stored as an allocated block at
|
|
|
|
|
R_FPR and its length at R_FPRLEN; an URL is is allocated as a
|
|
|
|
|
string and returned at R_URL. Note that this function returns the
|
|
|
|
|
first CERT found with a supported type; it is expected that only
|
|
|
|
|
one CERT record is used. */
|
|
|
|
|
gpg_error_t
|
2012-02-07 10:15:57 +01:00
|
|
|
get_dns_cert (const char *name, estream_t *r_key,
|
|
|
|
|
unsigned char **r_fpr, size_t *r_fprlen, char **r_url)
|
2006-06-16 13:49:27 +02:00
|
|
|
{
|
|
|
|
|
#ifdef USE_DNS_CERT
|
2009-12-08 13:20:11 +01:00
|
|
|
#ifdef USE_ADNS
|
2011-11-30 17:14:08 +01:00
|
|
|
gpg_error_t err;
|
2009-12-08 13:20:11 +01:00
|
|
|
adns_state state;
|
|
|
|
|
adns_answer *answer = NULL;
|
|
|
|
|
unsigned int ctype;
|
|
|
|
|
int count;
|
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_key = NULL;
|
|
|
|
|
*r_fpr = NULL;
|
|
|
|
|
*r_fprlen = 0;
|
|
|
|
|
*r_url = NULL;
|
|
|
|
|
|
|
|
|
|
if (adns_init (&state, adns_if_noerrprint, NULL))
|
2009-12-08 13:20:11 +01:00
|
|
|
{
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
|
2009-12-08 13:20:11 +01:00
|
|
|
log_error ("error initializing adns: %s\n", strerror (errno));
|
2011-11-30 17:14:08 +01:00
|
|
|
return err;
|
2009-12-08 13:20:11 +01:00
|
|
|
}
|
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
if (adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert),
|
|
|
|
|
adns_qf_quoteok_query, &answer))
|
2009-12-08 13:20:11 +01:00
|
|
|
{
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
|
2009-12-08 13:20:11 +01:00
|
|
|
/* log_error ("DNS query failed: %s\n", strerror (errno)); */
|
|
|
|
|
adns_finish (state);
|
2011-11-30 17:14:08 +01:00
|
|
|
return err;
|
2009-12-08 13:20:11 +01:00
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
if (answer->status != adns_s_ok)
|
2009-12-08 13:20:11 +01:00
|
|
|
{
|
|
|
|
|
/* log_error ("DNS query returned an error: %s (%s)\n", */
|
|
|
|
|
/* adns_strerror (answer->status), */
|
|
|
|
|
/* adns_errabbrev (answer->status)); */
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
|
2011-11-30 17:14:08 +01:00
|
|
|
goto leave;
|
2009-12-08 13:20:11 +01:00
|
|
|
}
|
|
|
|
|
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
|
2011-11-30 17:14:08 +01:00
|
|
|
for (count = 0; count < answer->nrrs; count++)
|
2009-12-08 13:20:11 +01:00
|
|
|
{
|
|
|
|
|
int datalen = answer->rrs.byteblock[count].len;
|
|
|
|
|
const unsigned char *data = answer->rrs.byteblock[count].data;
|
|
|
|
|
|
|
|
|
|
if (datalen < 5)
|
|
|
|
|
continue; /* Truncated CERT record - skip. */
|
|
|
|
|
|
2011-11-28 18:35:19 +01:00
|
|
|
ctype = ((data[0] << 8) | data[1]);
|
2009-12-08 13:20:11 +01:00
|
|
|
/* (key tag and algorithm fields are not required.) */
|
|
|
|
|
data += 5;
|
|
|
|
|
datalen -= 5;
|
|
|
|
|
|
2011-11-29 13:17:20 +01:00
|
|
|
if (ctype == CERTTYPE_PGP && datalen >= 11)
|
2009-12-08 13:20:11 +01:00
|
|
|
{
|
|
|
|
|
/* CERT type is PGP. Gpg checks for a minimum length of 11,
|
|
|
|
|
thus we do the same. */
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_key = es_fopenmem_init (0, "rwb", data, datalen);
|
|
|
|
|
if (!*r_key)
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource,
|
|
|
|
|
gpg_err_code_from_syserror ());
|
2011-11-30 17:14:08 +01:00
|
|
|
else
|
|
|
|
|
err = 0;
|
|
|
|
|
goto leave;
|
2009-12-08 13:20:11 +01:00
|
|
|
}
|
2011-11-29 13:17:20 +01:00
|
|
|
else if (ctype == CERTTYPE_IPGP && datalen && datalen < 1023
|
2013-08-01 10:30:27 +02:00
|
|
|
&& datalen >= data[0] + 1 && r_fpr && r_fprlen && r_url)
|
2009-12-08 13:20:11 +01:00
|
|
|
{
|
2011-11-29 13:17:20 +01:00
|
|
|
/* CERT type is IPGP. We made sure that the data is
|
|
|
|
|
plausible and that the caller requested this
|
2009-12-08 13:20:11 +01:00
|
|
|
information. */
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_fprlen = data[0];
|
|
|
|
|
if (*r_fprlen)
|
2009-12-08 13:20:11 +01:00
|
|
|
{
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_fpr = xtrymalloc (*r_fprlen);
|
|
|
|
|
if (!*r_fpr)
|
|
|
|
|
{
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource,
|
|
|
|
|
gpg_err_code_from_syserror ());
|
2011-11-30 17:14:08 +01:00
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
memcpy (*r_fpr, data + 1, *r_fprlen);
|
2009-12-08 13:20:11 +01:00
|
|
|
}
|
|
|
|
|
else
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_fpr = NULL;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
if (datalen > *r_fprlen + 1)
|
2009-12-08 13:20:11 +01:00
|
|
|
{
|
2013-08-01 10:30:27 +02:00
|
|
|
*r_url = xtrymalloc (datalen - (*r_fprlen + 1) + 1);
|
2011-11-30 17:14:08 +01:00
|
|
|
if (!*r_url)
|
|
|
|
|
{
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource,
|
|
|
|
|
gpg_err_code_from_syserror ());
|
2011-11-30 17:14:08 +01:00
|
|
|
xfree (*r_fpr);
|
|
|
|
|
*r_fpr = NULL;
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2013-08-01 10:30:27 +02:00
|
|
|
memcpy (*r_url,
|
|
|
|
|
data + (*r_fprlen + 1), datalen - (*r_fprlen + 1));
|
|
|
|
|
(*r_url)[datalen - (*r_fprlen + 1)] = '\0';
|
2009-12-08 13:20:11 +01:00
|
|
|
}
|
|
|
|
|
else
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_url = NULL;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
err = 0;
|
|
|
|
|
goto leave;
|
2009-12-08 13:20:11 +01:00
|
|
|
}
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
leave:
|
2009-12-08 13:20:11 +01:00
|
|
|
adns_free (answer);
|
|
|
|
|
adns_finish (state);
|
2011-11-30 17:14:08 +01:00
|
|
|
return err;
|
2009-12-08 13:20:11 +01:00
|
|
|
|
|
|
|
|
#else /*!USE_ADNS*/
|
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
gpg_error_t err;
|
2006-06-16 13:49:27 +02:00
|
|
|
unsigned char *answer;
|
2011-11-28 18:35:19 +01:00
|
|
|
int r;
|
2006-06-16 13:49:27 +02:00
|
|
|
u16 count;
|
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_key = NULL;
|
|
|
|
|
*r_fpr = NULL;
|
|
|
|
|
*r_fprlen = 0;
|
|
|
|
|
*r_url = NULL;
|
2006-06-16 13:49:27 +02:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
/* Allocate a 64k buffer which is the limit for an DNS response. */
|
|
|
|
|
answer = xtrymalloc (65536);
|
|
|
|
|
if (!answer)
|
2012-02-07 10:15:57 +01:00
|
|
|
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
|
2006-06-16 13:49:27 +02:00
|
|
|
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
|
2006-06-16 13:49:27 +02:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
r = res_query (name, C_IN, T_CERT, answer, 65536);
|
2006-06-16 13:49:27 +02:00
|
|
|
/* Not too big, not too small, no errors and at least 1 answer. */
|
2011-11-30 17:14:08 +01:00
|
|
|
if (r >= sizeof (HEADER) && r <= 65536
|
2011-11-28 18:35:19 +01:00
|
|
|
&& (((HEADER *) answer)->rcode) == NOERROR
|
|
|
|
|
&& (count = ntohs (((HEADER *) answer)->ancount)))
|
2006-06-16 13:49:27 +02:00
|
|
|
{
|
|
|
|
|
int rc;
|
2011-11-28 18:35:19 +01:00
|
|
|
unsigned char *pt, *emsg;
|
2006-06-16 13:49:27 +02:00
|
|
|
|
2011-11-28 18:35:19 +01:00
|
|
|
emsg = &answer[r];
|
2006-06-16 13:49:27 +02:00
|
|
|
|
2011-11-28 18:35:19 +01:00
|
|
|
pt = &answer[sizeof (HEADER)];
|
2006-06-16 13:49:27 +02:00
|
|
|
|
|
|
|
|
/* Skip over the query */
|
|
|
|
|
|
2011-11-28 18:35:19 +01:00
|
|
|
rc = dn_skipname (pt, emsg);
|
|
|
|
|
if (rc == -1)
|
2011-11-30 17:14:08 +01:00
|
|
|
{
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource, GPG_ERR_INV_OBJ);
|
2011-11-30 17:14:08 +01:00
|
|
|
goto leave;
|
|
|
|
|
}
|
2011-11-28 18:35:19 +01:00
|
|
|
pt += rc + QFIXEDSZ;
|
2006-06-16 13:49:27 +02:00
|
|
|
|
|
|
|
|
/* There are several possible response types for a CERT request.
|
2011-11-28 18:35:19 +01:00
|
|
|
We're interested in the PGP (a key) and IPGP (a URI) types.
|
|
|
|
|
Skip all others. TODO: A key is better than a URI since
|
|
|
|
|
we've gone through all this bother to fetch it, so favor that
|
|
|
|
|
if we have both PGP and IPGP? */
|
|
|
|
|
|
|
|
|
|
while (count-- > 0 && pt < emsg)
|
|
|
|
|
{
|
|
|
|
|
u16 type, class, dlen, ctype;
|
|
|
|
|
|
|
|
|
|
rc = dn_skipname (pt, emsg); /* the name we just queried for */
|
|
|
|
|
if (rc == -1)
|
2011-11-30 17:14:08 +01:00
|
|
|
{
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource, GPG_ERR_INV_OBJ);
|
2011-11-30 17:14:08 +01:00
|
|
|
goto leave;
|
|
|
|
|
}
|
2011-11-28 18:35:19 +01:00
|
|
|
|
|
|
|
|
pt += rc;
|
|
|
|
|
|
|
|
|
|
/* Truncated message? 15 bytes takes us to the point where
|
|
|
|
|
we start looking at the ctype. */
|
|
|
|
|
if ((emsg - pt) < 15)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
type = *pt++ << 8;
|
|
|
|
|
type |= *pt++;
|
|
|
|
|
|
|
|
|
|
class = *pt++ << 8;
|
|
|
|
|
class |= *pt++;
|
|
|
|
|
/* We asked for IN and got something else !? */
|
|
|
|
|
if (class != C_IN)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* ttl */
|
|
|
|
|
pt += 4;
|
|
|
|
|
|
|
|
|
|
/* data length */
|
|
|
|
|
dlen = *pt++ << 8;
|
|
|
|
|
dlen |= *pt++;
|
|
|
|
|
|
|
|
|
|
/* We asked for CERT and got something else - might be a
|
|
|
|
|
CNAME, so loop around again. */
|
|
|
|
|
if (type != T_CERT)
|
|
|
|
|
{
|
|
|
|
|
pt += dlen;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* The CERT type */
|
|
|
|
|
ctype = *pt++ << 8;
|
|
|
|
|
ctype |= *pt++;
|
|
|
|
|
|
|
|
|
|
/* Skip the CERT key tag and algo which we don't need. */
|
|
|
|
|
pt += 3;
|
|
|
|
|
|
|
|
|
|
dlen -= 5;
|
|
|
|
|
|
|
|
|
|
/* 15 bytes takes us to here */
|
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
if (ctype == CERTTYPE_PGP && dlen)
|
2011-11-28 18:35:19 +01:00
|
|
|
{
|
|
|
|
|
/* PGP type */
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_key = es_fopenmem_init (0, "rwb", pt, dlen);
|
|
|
|
|
if (!*r_key)
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource,
|
|
|
|
|
gpg_err_code_from_syserror ());
|
2011-11-30 17:14:08 +01:00
|
|
|
else
|
|
|
|
|
err = 0;
|
|
|
|
|
goto leave;
|
2011-11-28 18:35:19 +01:00
|
|
|
}
|
2011-11-29 13:17:20 +01:00
|
|
|
else if (ctype == CERTTYPE_IPGP
|
2011-11-30 17:14:08 +01:00
|
|
|
&& dlen && dlen < 1023 && dlen >= pt[0] + 1)
|
2011-11-28 18:35:19 +01:00
|
|
|
{
|
|
|
|
|
/* IPGP type */
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_fprlen = pt[0];
|
|
|
|
|
if (*r_fprlen)
|
2011-11-28 18:35:19 +01:00
|
|
|
{
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_fpr = xtrymalloc (*r_fprlen);
|
|
|
|
|
if (!*r_fpr)
|
|
|
|
|
{
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource,
|
2011-11-30 17:14:08 +01:00
|
|
|
gpg_err_code_from_syserror ());
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
memcpy (*r_fpr, &pt[1], *r_fprlen);
|
2011-11-28 18:35:19 +01:00
|
|
|
}
|
|
|
|
|
else
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_fpr = NULL;
|
2011-11-28 18:35:19 +01:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
if (dlen > *r_fprlen + 1)
|
2011-11-28 18:35:19 +01:00
|
|
|
{
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
|
|
|
|
|
if (!*r_fpr)
|
|
|
|
|
{
|
2012-02-07 10:15:57 +01:00
|
|
|
err = gpg_err_make (default_errsource,
|
2011-11-30 17:14:08 +01:00
|
|
|
gpg_err_code_from_syserror ());
|
|
|
|
|
xfree (*r_fpr);
|
|
|
|
|
*r_fpr = NULL;
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
memcpy (*r_url, &pt[*r_fprlen + 1], dlen - (*r_fprlen + 1));
|
|
|
|
|
(*r_url)[dlen - (*r_fprlen + 1)] = '\0';
|
2011-11-28 18:35:19 +01:00
|
|
|
}
|
|
|
|
|
else
|
2011-11-30 17:14:08 +01:00
|
|
|
*r_url = NULL;
|
2011-11-28 18:35:19 +01:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
err = 0;
|
|
|
|
|
goto leave;
|
2011-11-28 18:35:19 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Neither type matches, so go around to the next answer. */
|
|
|
|
|
pt += dlen;
|
|
|
|
|
}
|
2006-06-16 13:49:27 +02:00
|
|
|
}
|
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
leave:
|
2011-11-28 18:35:19 +01:00
|
|
|
xfree (answer);
|
2011-11-30 17:14:08 +01:00
|
|
|
return err;
|
|
|
|
|
|
2011-11-28 18:35:19 +01:00
|
|
|
#endif /*!USE_ADNS */
|
2006-06-16 13:49:27 +02:00
|
|
|
#else /* !USE_DNS_CERT */
|
2010-03-22 13:46:05 +01:00
|
|
|
(void)name;
|
2014-02-10 20:14:14 +01:00
|
|
|
*r_key = NULL;
|
|
|
|
|
*r_fpr = NULL;
|
|
|
|
|
*r_fprlen = 0;
|
|
|
|
|
*r_url = NULL;
|
2010-03-22 13:46:05 +01:00
|
|
|
|
2012-02-07 10:15:57 +01:00
|
|
|
return gpg_err_make (default_errsource, GPG_ERR_NOT_SUPPORTED);
|
2006-06-16 13:49:27 +02:00
|
|
|
#endif
|
|
|
|
|
}
|