security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

sm: Print diagnostic about CRL problems due to Tor mode.

Browse source 
* dirmngr/crlfetch.c (crl_fetch, crl_fetch_default)
(ca_cert_fetch, start_cert_fetch): Factor Tor error out to ...
(no_crl_due_to_tor): new.  Print status note.

* dirmngr/ks-engine-ldap.c (ks_ldap_get)
(ks_ldap_search, ks_ldap_put): Factor Tor error out to ...
(no_ldap_due_to_tor): new.  Print status note.

* dirmngr/ocsp.c (do_ocsp_request): Print status note.
* sm/misc.c (gpgsm_print_further_info): New.
* sm/call-dirmngr.c (warning_and_note_printer): New.
(isvalid_status_cb): Call it.
(lookup_status_cb): Ditto.
(run_command_status_cb): Ditto.

* common/asshelp2.c (vprint_assuan_status): Strip a possible trailing
LF.

--
This commit is contained in:
Werner Koch 2022-04-11 17:57:14 +02:00
parent 0dcc249852
commit 137e59a6a5
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
7 changed files with 122 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

29
dirmngr/crlfetch.c
View file

@ -147,6 +147,19 @@ my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
}
/* For now we do not support LDAP over Tor. */
static gpg_error_t
no_crl_due_to_tor (ctrl_t ctrl)
{
gpg_error_t err = gpg_error (GPG_ERR_NOT_SUPPORTED);
const char *text = _("CRL access not possible due to Tor mode");
log_error ("%s", text);
dirmngr_status_printf (ctrl, "NOTE", "no_crl_due_to_tor %u %s", err, text);
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
/* Fetch CRL from URL and return the entire CRL using new ksba reader
object in READER. Note that this reader object should be closed
only using ldap_close_reader. */
@ -233,9 +246,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
}
else if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
err = no_crl_due_to_tor (ctrl);
}
else
{
@ -259,9 +270,7 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
{
if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
return no_crl_due_to_tor (ctrl);
}
if (opt.disable_ldap)
{
@ -291,9 +300,7 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
{
if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
return no_crl_due_to_tor (ctrl);
}
if (opt.disable_ldap)
{
@ -318,9 +325,7 @@ start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
{
if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
return no_crl_due_to_tor (ctrl);
}
if (opt.disable_ldap)
{