mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-11 13:14:25 +01:00
Workaround for the pksd and OKS keyserver bug that calculates v4 RSA
keyids as if they were v3. The workaround/hack is to fetch both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This only happens for key refresh while using the HKP scheme, and only when the refresh-add-fake-v3-keyids keyserver option is set. This should stay off by default.
parent
346b795eb9
commit
02fe4b0185
@ -1,3 +1,13 @@
|
|||||||
|
2002-02-04 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* keyserver.c, options.h (parse_keyserver_options, keyidlist):
|
||||||
|
Workaround for the pksd and OKS keyserver bug that calculates v4
|
||||||
|
RSA keyids as if they were v3. The workaround/hack is to fetch
|
||||||
|
both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This
|
||||||
|
only happens for key refresh while using the HKP scheme and the
|
||||||
|
refresh-add-fake-v3-keyids keyserver option must be set. This
|
||||||
|
should stay off by default.
|
||||||
|
|
||||||
2002-02-03 David Shaw <dshaw@jabberwocky.com>
|
2002-02-03 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* keyserver.c (keyserver_spawn): Bug fix - do not append keys to
|
* keyserver.c (keyserver_spawn): Bug fix - do not append keys to
|
||||||
|
@ -86,6 +86,10 @@ parse_keyserver_options(char *options)
|
|||||||
opt.honor_http_proxy=1;
|
opt.honor_http_proxy=1;
|
||||||
else if(strcasecmp(tok,"no-honor-http-proxy")==0)
|
else if(strcasecmp(tok,"no-honor-http-proxy")==0)
|
||||||
opt.honor_http_proxy=0;
|
opt.honor_http_proxy=0;
|
||||||
|
else if(strcasecmp(tok,"refresh-add-fake-v3-keyids")==0)
|
||||||
|
opt.keyserver_options.refresh_add_fake_v3_keyids=1;
|
||||||
|
else if(strcasecmp(tok,"no-refresh-add-fake-v3-keyids")==0)
|
||||||
|
opt.keyserver_options.refresh_add_fake_v3_keyids=0;
|
||||||
else if(strlen(tok)>0)
|
else if(strlen(tok)>0)
|
||||||
add_to_strlist(&opt.keyserver_options.other,tok);
|
add_to_strlist(&opt.keyserver_options.other,tok);
|
||||||
|
|
||||||
@ -660,7 +664,7 @@ keyserver_import_keyid(u32 *keyid)
|
|||||||
|
|
||||||
/* code mostly stolen from do_export_stream */
|
/* code mostly stolen from do_export_stream */
|
||||||
static int
|
static int
|
||||||
keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
|
keyidlist(STRLIST users,u32 (**kidlist)[2],int *count,int fakev3)
|
||||||
{
|
{
|
||||||
int rc=0,ndesc,num=100;
|
int rc=0,ndesc,num=100;
|
||||||
KBNODE keyblock=NULL,node;
|
KBNODE keyblock=NULL,node;
|
||||||
@ -711,6 +715,27 @@ keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
|
|||||||
|
|
||||||
if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
|
if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
|
||||||
{
|
{
|
||||||
|
/* This is to work around a bug in some keyservers (pksd and
|
||||||
|
OKS) that calculate v4 RSA keyids as if they were v3 RSA.
|
||||||
|
The answer is to refresh both the correct v4 keyid
|
||||||
|
(e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
|
||||||
|
This only happens for key refresh using the HKP scheme
|
||||||
|
and if the refresh-add-fake-v3-keyids keyserver option is
|
||||||
|
set. */
|
||||||
|
if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
|
||||||
|
node->pkt->pkt.public_key->version>=4)
|
||||||
|
{
|
||||||
|
mpi_get_keyid(node->pkt->pkt.public_key->pkey[0],
|
||||||
|
(*kidlist)[*count]);
|
||||||
|
(*count)++;
|
||||||
|
|
||||||
|
if(*count==num)
|
||||||
|
{
|
||||||
|
num+=100;
|
||||||
|
*kidlist=m_realloc(*kidlist,sizeof(u32)*2*num);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
keyid_from_pk(node->pkt->pkt.public_key,(*kidlist)[*count]);
|
keyid_from_pk(node->pkt->pkt.public_key,(*kidlist)[*count]);
|
||||||
|
|
||||||
(*count)++;
|
(*count)++;
|
||||||
@ -739,11 +764,19 @@ keyidlist(STRLIST users,u32 (**kidlist)[2],int *count)
|
|||||||
int
|
int
|
||||||
keyserver_refresh(STRLIST users)
|
keyserver_refresh(STRLIST users)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc,count,fakev3=0;
|
||||||
u32 (*kidlist)[2];
|
u32 (*kidlist)[2];
|
||||||
int count;
|
|
||||||
|
|
||||||
rc=keyidlist(users,&kidlist,&count);
|
/* If refresh_add_fake_v3_keyids is on and it's a HKP scheme, then
|
||||||
|
enable fake v3 keyid generation. */
|
||||||
|
if(opt.keyserver_options.refresh_add_fake_v3_keyids &&
|
||||||
|
opt.keyserver_scheme &&
|
||||||
|
(strcasecmp(opt.keyserver_scheme,"x-hkp")==0 ||
|
||||||
|
strcasecmp(opt.keyserver_scheme,"hkp")==0 ||
|
||||||
|
strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0))
|
||||||
|
fakev3=1;
|
||||||
|
|
||||||
|
rc=keyidlist(users,&kidlist,&count,fakev3);
|
||||||
if(rc)
|
if(rc)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
|
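Review bot: The id written by `mpi_get_keyid(node->pkt->pkt.public_key->pkey[0], (*kidlist)[*count])` in keyidlist is not this key's real keyid, so a refresh with `fakev3` set asks the server for an identifier that a different key may legitimately own, and nothing in the visible hunks ties the response back to the key being refreshed. The import path is outside this page, so this is a question rather than a finding: confirm that a key returned for the fake id is matched against the local key by fingerprint before it is treated as an update, and that an unrelated key is not silently added to the keyring. A comment at the call would record the intent, e.g. `/* lookup hint only: the fake v3 keyid does not identify this key, so the result must be matched by fingerprint */`. The grow-by-100 check added after the first `(*count)++` relies on `*count < num` holding on entry and on the same check following the second increment, which lies outside the hunk.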
@ -107,6 +107,7 @@ struct {
|
|||||||
int include_disabled:1;
|
int include_disabled:1;
|
||||||
int use_temp_files:1;
|
int use_temp_files:1;
|
||||||
int keep_temp_files:1;
|
int keep_temp_files:1;
|
||||||
|
int refresh_add_fake_v3_keyids:1;
|
||||||
STRLIST other;
|
STRLIST other;
|
||||||
} keyserver_options;
|
} keyserver_options;
|
||||||
int exec_disable;
|
int exec_disable;
|
||||||
|