security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00
Code Activity

dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.

Browse Source 
* dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG.
(make_host_part): Rewrite.
--

This fixes a regression from 2.0 and 1.4 where these tags have been in
used since 2009.  For whatever reason this was not ported to 2.1 and
"hkp" was always used.

GnuPG-bug-id: 2451
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-01-09 10:42:30 +01:00
parent c2cbe2f87c
commit 0cc975d8a1
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 34 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
dirmngr/ks-engine-hkp.c
View File

@ -378,16 +378,17 @@ add_host (const char *name, int is_pool,
* to choose one of the hosts. For example we skip those hosts which * to choose one of the hosts. For example we skip those hosts which
* failed for some time and we stick to one host for a time * failed for some time and we stick to one host for a time
* independent of DNS retry times. If FORCE_RESELECT is true a new * independent of DNS retry times. If FORCE_RESELECT is true a new
* host is always selected. If NO_SRV is set no service record lookup * host is always selected. If SRVTAG is NULL no service record
* will be done. The selected host is stored as a malloced string at * lookup will be done, if it is set that service name is used. The
* R_HOST; on error NULL is stored. If we know the port used by the * selected host is stored as a malloced string at R_HOST; on error
* selected host from a service record, a string representation is * NULL is stored. If we know the port used by the selected host from
* written to R_PORTSTR, otherwise it is left untouched. If * a service record, a string representation is written to R_PORTSTR,
* R_HTTPFLAGS is not NULL it will receive flags which are to be * otherwise it is left untouched. If R_HTTPFLAGS is not NULL it will
* passed to http_open. If R_POOLNAME is not NULL a malloced name of * receive flags which are to be passed to http_open. If R_POOLNAME
* the pool is stored or NULL if it is not a pool. */ * is not NULL a malloced name of the pool is stored or NULL if it is
* not a pool. */
static gpg_error_t static gpg_error_t
map_host (ctrl_t ctrl, const char *name, int force_reselect, int no_srv, map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
char **r_host, char *r_portstr, char **r_host, char *r_portstr,
unsigned int *r_httpflags, char **r_poolname) unsigned int *r_httpflags, char **r_poolname)
{ {
@ -445,10 +446,10 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, int no_srv,
} }
hi = hosttable[idx]; hi = hosttable[idx];
if (!no_srv && !is_ip_address (name)) if (srvtag && !is_ip_address (name))
{ {
/* Check for SRV records. */ /* Check for SRV records. */
err = get_dns_srv (name, "hkp", NULL, &srvs, &srvscount); err = get_dns_srv (name, srvtag, NULL, &srvs, &srvscount);
if (err) if (err)
{ {
xfree (reftbl); xfree (reftbl);
@ -859,37 +860,41 @@ make_host_part (ctrl_t ctrl,
char **r_hostport, unsigned int *r_httpflags, char **r_poolname) char **r_hostport, unsigned int *r_httpflags, char **r_poolname)
{ {
gpg_error_t err; gpg_error_t err;
const char *srvtag;
char portstr[10]; char portstr[10];
char *hostname; char *hostname;
*r_hostport = NULL; *r_hostport = NULL;
if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https"))
{
scheme = "https";
srvtag = no_srv? NULL : "pgpkey-https";
}
else /* HKP or HTTP. */
{
scheme = "http";
srvtag = no_srv? NULL : "pgpkey-http";
}
portstr[0] = 0; portstr[0] = 0;
err = map_host (ctrl, host, force_reselect, no_srv, err = map_host (ctrl, host, srvtag, force_reselect,
&hostname, portstr, r_httpflags, r_poolname); &hostname, portstr, r_httpflags, r_poolname);
if (err) if (err)
return err; return err;
/* If map_host did not return a port (from a SRV record) but a port /* If map_host did not return a port (from a SRV record) but a port
* has been specified (implicitly or explicitly) then use that port. * has been specified (implicitly or explicitly) then use that port.
* Only in the case that a port was not specified (which might be a * In the case that a port was not specified (which is probably a
* bug in https.c) we will later make sure that it has been set. */ * bug in https.c) we will set up defaults. */
if (!*portstr && port) if (*portstr)
;
else if (!*portstr && port)
snprintf (portstr, sizeof portstr, "%hu", port); snprintf (portstr, sizeof portstr, "%hu", port);
else if (!strcmp (scheme,"https"))
/* Map scheme and port. */
if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https"))
{
scheme = "https";
if (! *portstr)
strcpy (portstr, "443"); strcpy (portstr, "443");
} else
else /* HKP or HTTP. */
{
scheme = "http";
if (! *portstr)
strcpy (portstr, "11371"); strcpy (portstr, "11371");
}
*r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL); *r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL);
xfree (hostname); xfree (hostname);