security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

dirmngr: fix handling of HTTPS redirections during HKP 

* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.

--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>

GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Originally applied to 2.2.  Here a minor conflict fix was needed.
This commit is contained in:
Daniel Kahn Gillmor 2019-06-11 08:25:46 +01:00 committed by Werner Koch
parent 23c9786408
commit 064aeb14c9
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dirmngr/ks-engine-hkp.c
View File

@ -1221,6 +1221,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
/* FIXME: I am not sure whey we allow a downgrade for hkp requests.
* Needs at least an explanation here.. */
once_more:
err = http_session_new (&session, httphost,
((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
| HTTP_FLAG_TRUST_DEF),
@ -1230,7 +1231,6 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
http_session_set_log_cb (session, cert_log_cb);
http_session_set_timeout (session, ctrl->timeout);
once_more:
err = http_open (ctrl, &http,
post_cb? HTTP_REQ_POST : HTTP_REQ_GET,
request,
@ -1310,6 +1310,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
request = request_buffer;
http_close (http, 0);
http = NULL;
http_session_release (session);
session = NULL;
}
goto once_more;