dirmngr: Allow conf files to disable default keyservers.

* dirmngr/server.c (ensure_keyserver): Detect special value "none"
(cmd_keyserver): Ignore "none" and "hkp://none".
--

GnuPG-bug-id: 6708
Werner Koch 2023-09-06 09:36:47 +02:00
parent 362a6dfb0a
commit 0aa32e2429
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 23 additions and 5 deletions

3
NEWS

@ -36,6 +36,9 @@ Noteworthy changes in version 2.4.3 (2023-07-04)
* dirmngr: New option --ignore-crl-extensions. [T6545] * dirmngr: New option --ignore-crl-extensions. [T6545]
* dirmngr: Support config value "none" to disable the default
keyserver. [T6708]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create * wkd: Use export-clean for gpg-wks-client's --mirror and --create
commands. [rG2c7f7a5a27] commands. [rG2c7f7a5a27]


@ -2202,6 +2202,7 @@ ensure_keyserver (ctrl_t ctrl)
uri_item_t plain_items = NULL; uri_item_t plain_items = NULL;
uri_item_t ui; uri_item_t ui;
strlist_t sl; strlist_t sl;
int none_seen = 1;
if (ctrl->server_local->keyservers) if (ctrl->server_local->keyservers)
return 0; /* Already set for this session. */ return 0; /* Already set for this session. */
@ -2214,6 +2215,11 @@ ensure_keyserver (ctrl_t ctrl)
for (sl = opt.keyserver; sl; sl = sl->next) for (sl = opt.keyserver; sl; sl = sl->next)
{ {
if (!strcmp (sl->d, "none"))
{
none_seen = 1;
continue;
}
err = make_keyserver_item (sl->d, &item); err = make_keyserver_item (sl->d, &item);
if (err) if (err)
goto leave; goto leave;
@ -2229,6 +2235,12 @@ ensure_keyserver (ctrl_t ctrl)
} }
} }
if (none_seen && !plain_items && !onion_items)
{
err = gpg_error (GPG_ERR_NO_KEYSERVER);
goto leave;
}
/* Decide which to use. Note that the session has no keyservers /* Decide which to use. Note that the session has no keyservers
yet set. */ yet set. */
if (onion_items && !onion_items->next && plain_items && !plain_items->next) if (onion_items && !onion_items->next && plain_items && !plain_items->next)
@ -2299,8 +2311,7 @@ cmd_keyserver (assuan_context_t ctx, char *line)
gpg_error_t err = 0; gpg_error_t err = 0;
int clear_flag, add_flag, help_flag, host_flag, resolve_flag; int clear_flag, add_flag, help_flag, host_flag, resolve_flag;
int dead_flag, alive_flag; int dead_flag, alive_flag;
uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it uri_item_t item = NULL;
is always initialized. */
clear_flag = has_option (line, "--clear"); clear_flag = has_option (line, "--clear");
help_flag = has_option (line, "--help"); help_flag = has_option (line, "--help");
@ -2366,13 +2377,16 @@ cmd_keyserver (assuan_context_t ctx, char *line)
if (add_flag) if (add_flag)
{ {
err = make_keyserver_item (line, &item); if (!strcmp (line, "none") || !strcmp (line, "hkp://none"))
err = 0;
else
err = make_keyserver_item (line, &item);
if (err) if (err)
goto leave; goto leave;
} }
if (clear_flag) if (clear_flag)
release_ctrl_keyservers (ctrl); release_ctrl_keyservers (ctrl);
if (add_flag) if (add_flag && item)
{ {
item->next = ctrl->server_local->keyservers; item->next = ctrl->server_local->keyservers;
ctrl->server_local->keyservers = item; ctrl->server_local->keyservers = item;
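Review bot: `none_seen` in ensure_keyserver is initialised to 1 and the loop only ever assigns 1 to it, so the flag cannot tell a configured "none" from its absence and the new `if (none_seen && !plain_items && !onion_items)` check reduces to a test for two empty lists; the declaration should presumably read `int none_seen = 0;`. Whether this changes behaviour depends on code between the hunks that is not visible here (for instance how an empty `opt.keyserver` is handled before the loop), but as written any path that reaches the check with no items returns GPG_ERR_NO_KEYSERVER whether or not "none" was configured. Separately, the loop compares only against "none" while cmd_keyserver also accepts "hkp://none", so a conf file carrying the latter form would apparently be passed to make_keyserver_item as an ordinary host name instead of disabling the keyserver; both places should match the same set of values. The bodies of both functions continue outside the hunks.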


@ -344,7 +344,8 @@ whether Tor is locally running or not. The check for a running Tor is
done for each new connection. done for each new connection.
If no keyserver is explicitly configured, dirmngr will use the If no keyserver is explicitly configured, dirmngr will use the
built-in default of @code{https://keyserver.ubuntu.com}. built-in default of @code{https://keyserver.ubuntu.com}. To avoid the
use of a default keyserver the value @code{none} can be used.
Windows users with a keyserver running on their Active Directory Windows users with a keyserver running on their Active Directory
may use the short form @code{ldap:///} for @var{name} to access this directory. may use the short form @code{ldap:///} for @var{name} to access this directory.