sm: Print diagnostic about CRL problems due to Tor mode.

* dirmngr/crlfetch.c (crl_fetch, crl_fetch_default) (ca_cert_fetch, start_cert_fetch): Factor Tor error out to ... (no_crl_due_to_tor): new. Print status note. * dirmngr/ks-engine-ldap.c (ks_ldap_get) (ks_ldap_search, ks_ldap_put): Factor Tor error out to ... (no_ldap_due_to_tor): new. Print status note. * dirmngr/ocsp.c (do_ocsp_request): Print status note. * sm/misc.c (gpgsm_print_further_info): New. * sm/call-dirmngr.c (warning_and_note_printer): New. (isvalid_status_cb): Call it. (lookup_status_cb): Ditto. (run_command_status_cb): Ditto. * common/asshelp2.c (vprint_assuan_status): Strip a possible trailing LF. --
2025-07-02 22:46:30 +02:00 · 2022-04-11 17:57:14 +02:00 · 2022-04-11 17:57:14 +02:00 · 137e59a6a5
commit 137e59a6a5
parent 0dcc249852
7 changed files with 122 additions and 23 deletions
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@ -147,6 +147,19 @@ my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
 }


+/* For now we do not support LDAP over Tor.  */
+static gpg_error_t
+no_crl_due_to_tor (ctrl_t ctrl)
+{
+  gpg_error_t err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+  const char *text = _("CRL access not possible due to Tor mode");
+
+  log_error ("%s", text);
+  dirmngr_status_printf (ctrl, "NOTE", "no_crl_due_to_tor %u %s", err, text);
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
 /* Fetch CRL from URL and return the entire CRL using new ksba reader
   object in READER.  Note that this reader object should be closed
   only using ldap_close_reader. */
@ -233,9 +246,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
        }
      else if (dirmngr_use_tor ())
        {
-          /* For now we do not support LDAP over Tor.  */
-          log_error (_("CRL access not possible due to Tor mode\n"));
-          err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+          err = no_crl_due_to_tor (ctrl);
        }
      else
        {
@ -259,9 +270,7 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
 {
  if (dirmngr_use_tor ())
    {
-      /* For now we do not support LDAP over Tor.  */
-      log_error (_("CRL access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_crl_due_to_tor (ctrl);
    }
  if (opt.disable_ldap)
    {
@ -291,9 +300,7 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
 {
  if (dirmngr_use_tor ())
    {
-      /* For now we do not support LDAP over Tor.  */
-      log_error (_("CRL access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_crl_due_to_tor (ctrl);
    }
  if (opt.disable_ldap)
    {
@ -318,9 +325,7 @@ start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
 {
  if (dirmngr_use_tor ())
    {
-      /* For now we do not support LDAP over Tor.  */
-      log_error (_("CRL access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_crl_due_to_tor (ctrl);
    }
  if (opt.disable_ldap)
    {
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@ -847,6 +847,20 @@ extract_keys (estream_t output,
  es_fprintf (output, "INFO %s END\n", certid);
 }

+
+/* For now we do not support LDAP over Tor.  */
+static gpg_error_t
+no_ldap_due_to_tor (ctrl_t ctrl)
+{
+  gpg_error_t err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+  const char *msg = _("LDAP access not possible due to Tor mode");
+
+  log_error ("%s", msg);
+  dirmngr_status_printf (ctrl, "NOTE", "no_ldap_due_to_tor %u %s", err, msg);
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
 /* Get the key described key the KEYSPEC string from the keyserver
   identified by URI.  On success R_FP has an open stream to read the
   data.  */
@ -869,9 +883,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,

  if (dirmngr_use_tor ())
    {
-      /* For now we do not support LDAP over Tor.  */
-      log_error (_("LDAP access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_ldap_due_to_tor (ctrl);
    }

  /* Make sure we are talking to an OpenPGP LDAP server.  */
@ -1067,9 +1079,7 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,

  if (dirmngr_use_tor ())
    {
-      /* For now we do not support LDAP over Tor.  */
-      log_error (_("LDAP access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_ldap_due_to_tor (ctrl);
    }

  /* Make sure we are talking to an OpenPGP LDAP server.  */
@ -1959,9 +1969,7 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,

  if (dirmngr_use_tor ())
    {
-      /* For now we do not support LDAP over Tor.  */
-      log_error (_("LDAP access not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      return no_ldap_due_to_tor (ctrl);
    }

  err = my_ldap_connect (uri, &ldap_conn, &basedn, NULL, NULL, &serverinfo);
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@ -145,8 +145,11 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp,
    {
      /* For now we do not allow OCSP via Tor due to possible privacy
         concerns.  Needs further research.  */
-      log_error (_("OCSP request not possible due to Tor mode\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      const char *msg = _("OCSP request not possible due to Tor mode");
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      log_error ("%s", msg);
+      dirmngr_status_printf (ctrl, "NOTE", "no_ocsp_due_to_tor %u %s", err,msg);
+      return err;
    }

  if (opt.disable_http)