dirmngr: Allow conf files to disable default keyservers.

* dirmngr/server.c (ensure_keyserver): Detect special value "none" (cmd_keyserver): Ignore "none" and "hkp://none". -- GnuPG-bug-id: 6708
2023-09-06 09:36:47 +02:00 · 2023-09-06 09:36:47 +02:00 · 0aa32e2429
parent 362a6dfb0a
commit 0aa32e2429
3 changed files with 23 additions and 5 deletions
--- a/3
+++ b/3
@ -36,6 +36,9 @@ Noteworthy changes in version 2.4.3 (2023-07-04)

  * dirmngr: New option --ignore-crl-extensions.  [T6545]

+  * dirmngr: Support config value "none" to disable the default
+    keyserver.  [T6708]
+
  * wkd: Use export-clean for gpg-wks-client's --mirror and --create
    commands.  [rG2c7f7a5a27]

--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@ -2202,6 +2202,7 @@ ensure_keyserver (ctrl_t ctrl)
  uri_item_t plain_items = NULL;
  uri_item_t ui;
  strlist_t sl;
+  int none_seen = 1;

  if (ctrl->server_local->keyservers)
    return 0; /* Already set for this session.  */
@ -2214,6 +2215,11 @@ ensure_keyserver (ctrl_t ctrl)

  for (sl = opt.keyserver; sl; sl = sl->next)
    {
+      if (!strcmp (sl->d, "none"))
+        {
+          none_seen = 1;
+          continue;
+        }
      err = make_keyserver_item (sl->d, &item);
      if (err)
        goto leave;
@ -2229,6 +2235,12 @@ ensure_keyserver (ctrl_t ctrl)
        }
    }

+  if (none_seen && !plain_items && !onion_items)
+    {
+      err = gpg_error (GPG_ERR_NO_KEYSERVER);
+      goto leave;
+    }
+
  /* Decide which to use.  Note that the session has no keyservers
     yet set. */
  if (onion_items && !onion_items->next && plain_items && !plain_items->next)
@ -2299,8 +2311,7 @@ cmd_keyserver (assuan_context_t ctx, char *line)
  gpg_error_t err = 0;
  int clear_flag, add_flag, help_flag, host_flag, resolve_flag;
  int dead_flag, alive_flag;
-  uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it
-                             is always initialized.  */
+  uri_item_t item = NULL;

  clear_flag = has_option (line, "--clear");
  help_flag = has_option (line, "--help");
@ -2366,13 +2377,16 @@ cmd_keyserver (assuan_context_t ctx, char *line)

  if (add_flag)
    {
-      err = make_keyserver_item (line, &item);
+      if (!strcmp (line, "none") || !strcmp (line, "hkp://none"))
+        err = 0;
+      else
+        err = make_keyserver_item (line, &item);
      if (err)
        goto leave;
    }
  if (clear_flag)
    release_ctrl_keyservers (ctrl);
-  if (add_flag)
+  if (add_flag && item)
    {
      item->next = ctrl->server_local->keyservers;
      ctrl->server_local->keyservers = item;
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@ -344,7 +344,8 @@ whether Tor is locally running or not.  The check for a running Tor is
 done for each new connection.

 If no keyserver is explicitly configured, dirmngr will use the
-built-in default of @code{https://keyserver.ubuntu.com}.
+built-in default of @code{https://keyserver.ubuntu.com}.  To avoid the
+use of a default keyserver the value @code{none} can be used.

 Windows users with a keyserver running on their Active Directory
 may use the short form @code{ldap:///} for @var{name} to access this directory.