From 0aa32e2429bb4aaae4151567dc9556a01faea637 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 6 Sep 2023 09:36:47 +0200 Subject: [PATCH] dirmngr: Allow conf files to disable default keyservers. * dirmngr/server.c (ensure_keyserver): Detect special value "none" (cmd_keyserver): Ignore "none" and "hkp://none". -- GnuPG-bug-id: 6708 --- NEWS | 3 +++ dirmngr/server.c | 22 ++++++++++++++++++---- doc/dirmngr.texi | 3 ++- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 94cd00c9f..f4ecb1d64 100644 --- a/NEWS +++ b/NEWS @@ -36,6 +36,9 @@ Noteworthy changes in version 2.4.3 (2023-07-04) * dirmngr: New option --ignore-crl-extensions. [T6545] + * dirmngr: Support config value "none" to disable the default + keyserver. [T6708] + * wkd: Use export-clean for gpg-wks-client's --mirror and --create commands. [rG2c7f7a5a27] diff --git a/dirmngr/server.c b/dirmngr/server.c index ee61f63d6..827c6207f 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -2202,6 +2202,7 @@ ensure_keyserver (ctrl_t ctrl) uri_item_t plain_items = NULL; uri_item_t ui; strlist_t sl; + int none_seen = 1; if (ctrl->server_local->keyservers) return 0; /* Already set for this session. */ @@ -2214,6 +2215,11 @@ ensure_keyserver (ctrl_t ctrl) for (sl = opt.keyserver; sl; sl = sl->next) { + if (!strcmp (sl->d, "none")) + { + none_seen = 1; + continue; + } err = make_keyserver_item (sl->d, &item); if (err) goto leave; @@ -2229,6 +2235,12 @@ ensure_keyserver (ctrl_t ctrl) } } + if (none_seen && !plain_items && !onion_items) + { + err = gpg_error (GPG_ERR_NO_KEYSERVER); + goto leave; + } + /* Decide which to use. Note that the session has no keyservers yet set. */ if (onion_items && !onion_items->next && plain_items && !plain_items->next) @@ -2299,8 +2311,7 @@ cmd_keyserver (assuan_context_t ctx, char *line) gpg_error_t err = 0; int clear_flag, add_flag, help_flag, host_flag, resolve_flag; int dead_flag, alive_flag; - uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it - is always initialized. */ + uri_item_t item = NULL; clear_flag = has_option (line, "--clear"); help_flag = has_option (line, "--help"); @@ -2366,13 +2377,16 @@ cmd_keyserver (assuan_context_t ctx, char *line) if (add_flag) { - err = make_keyserver_item (line, &item); + if (!strcmp (line, "none") || !strcmp (line, "hkp://none")) + err = 0; + else + err = make_keyserver_item (line, &item); if (err) goto leave; } if (clear_flag) release_ctrl_keyservers (ctrl); - if (add_flag) + if (add_flag && item) { item->next = ctrl->server_local->keyservers; ctrl->server_local->keyservers = item; diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index fb448752a..398888e71 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -344,7 +344,8 @@ whether Tor is locally running or not. The check for a running Tor is done for each new connection. If no keyserver is explicitly configured, dirmngr will use the -built-in default of @code{https://keyserver.ubuntu.com}. +built-in default of @code{https://keyserver.ubuntu.com}. To avoid the +use of a default keyserver the value @code{none} can be used. Windows users with a keyserver running on their Active Directory may use the short form @code{ldap:///} for @var{name} to access this directory.