* curl-shim.c (curl_easy_perform): Fix compile warning.

* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add ca-cert-file option, to pass in the SSL cert.
2005-02-12 03:15:02 +00:00 · 2005-02-12 03:15:02 +00:00 · 2833a0eadc
parent 25001837e9
commit 2833a0eadc
5 changed files with 67 additions and 2 deletions
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@ -1,5 +1,10 @@
 2005-02-11  David Shaw  <dshaw@jabberwocky.com>

+	* curl-shim.c (curl_easy_perform): Fix compile warning.
+
+	* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
+	ca-cert-file option, to pass in the SSL cert.
+
 	* curl-shim.h, curl-shim.c: New.  This is code to fake the curl
 	API in terms of the current HTTP iobuf API.

--- a/keyserver/curl-shim.c
+++ b/keyserver/curl-shim.c
@ -129,7 +129,7 @@ CURLcode curl_easy_perform(CURL *curl)
    }
  else
    {
-      size_t maxlen=1024,buflen,len;
+      unsigned int maxlen=1024,buflen,len;
      byte *line=NULL;

      while((len=iobuf_read_line(curl->hd.fp_read,&line,&buflen,&maxlen)))
--- a/keyserver/curl-shim.h
+++ b/keyserver/curl-shim.h
@ -42,7 +42,8 @@ typedef enum
    CURLOPT_STDERR,
    CURLOPT_VERBOSE,
    CURLOPT_SSL_VERIFYPEER,
-    CURLOPT_PROXY
+    CURLOPT_PROXY,
+    CURLOPT_CAINFO
  } CURLoption;

 typedef size_t (*write_func)(char *buffer,size_t size,
--- a/keyserver/gpgkeys_curl.c
+++ b/keyserver/gpgkeys_curl.c
@ -158,6 +158,7 @@ main(int argc,char *argv[])
  char *thekey=NULL;
  unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
  long follow_redirects=5,debug=0,check_cert=1;
+  char *ca_cert_file=NULL;

  console=stderr;

@ -344,6 +345,26 @@ main(int argc,char *argv[])
 	      else
 		check_cert=1;
 	    }
+	  else if(strncasecmp(start,"ca-cert-file",12)==0)
+	    {
+	      if(no)
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=NULL;
+		}
+	      else if(start[12]=='=')
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=strdup(&start[13]);
+		  if(!ca_cert_file)
+		    {
+		      fprintf(console,"gpgkeys: out of memory while creating "
+			      "ca_cert_file\n");
+		      ret=KEYSERVER_NO_MEMORY;
+		      goto fail;
+		    }
+		}
+	    }

 	  continue;
 	}
@ -406,6 +427,9 @@ main(int argc,char *argv[])

  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);

+  if(ca_cert_file)
+    curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
+
  if(proxy[0])
    curl_easy_setopt(curl,CURLOPT_PROXY,proxy);

--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@ -1549,6 +1549,7 @@ main(int argc,char *argv[])
  int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1;
  struct keylist *keylist=NULL,*keyptr=NULL;
  unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
+  char *ca_cert_file=NULL;

  console=stderr;

@ -1776,6 +1777,26 @@ main(int argc,char *argv[])
 	      else if(start[7]=='\0')
 		timeout=DEFAULT_KEYSERVER_TIMEOUT;
 	    }
+	  else if(strncasecmp(start,"ca-cert-file",12)==0)
+	    {
+	      if(no)
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=NULL;
+		}
+	      else if(start[12]=='=')
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=strdup(&start[13]);
+		  if(!ca_cert_file)
+		    {
+		      fprintf(console,"gpgkeys: out of memory while creating "
+			      "ca_cert_file\n");
+		      ret=KEYSERVER_NO_MEMORY;
+		      goto fail;
+		    }
+		}
+	    }

 	  continue;
 	}
@ -1787,6 +1808,20 @@ main(int argc,char *argv[])
      return KEYSERVER_INTERNAL_ERROR;
    }

+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE)
+  if(ca_cert_file)
+    {
+      err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file);
+      if(err!=LDAP_SUCCESS)
+	{
+	  fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
+		  ldap_err2string(err));
+	  ret=KEYSERVER_INTERNAL_ERROR;
+	  goto fail;
+	}
+    }
+#endif /* HAVE_LDAP_SET_OPTION && LDAP_OPT_X_TLS_CACERTFILE */
+
  /* SSL trumps TLS */
  if(use_ssl)
    use_tls=0;