From 2833a0eadcc5e95d164974afddb421afcff3bca9 Mon Sep 17 00:00:00 2001
From: David Shaw
Date: Sat, 12 Feb 2005 03:15:02 +0000
Subject: [PATCH] * curl-shim.c (curl_easy_perform): Fix compile warning.
* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add ca-cert-file option, to pass in the SSL cert.
---
 keyserver/ChangeLog | 5 +++++
 keyserver/curl-shim.c | 2 +-
 keyserver/curl-shim.h | 3 ++-
 keyserver/gpgkeys_curl.c | 24 ++++++++++++++++++++++++
 keyserver/gpgkeys_ldap.c | 35 +++++++++++++++++++++++++++++++++++
 5 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog
index 0a0ab1ac5..5734e0c9b 100644
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@@ -1,5 +1,10 @@
 2005-02-11 David Shaw
+ * curl-shim.c (curl_easy_perform): Fix compile warning.
+
+ * curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
+ ca-cert-file option, to pass in the SSL cert.
+
 * curl-shim.h, curl-shim.c: New. This is code to fake the curl API in terms of the current HTTP iobuf API.
diff --git a/keyserver/curl-shim.c b/keyserver/curl-shim.c
index 623d685f7..088d65fc2 100644
--- a/keyserver/curl-shim.c
+++ b/keyserver/curl-shim.c
@@ -129,7 +129,7 @@ CURLcode curl_easy_perform(CURL *curl)
 }
 else
 {
- size_t maxlen=1024,buflen,len;
+ unsigned int maxlen=1024,buflen,len;
 byte *line=NULL;
 while((len=iobuf_read_line(curl->hd.fp_read,&line,&buflen,&maxlen)))
diff --git a/keyserver/curl-shim.h b/keyserver/curl-shim.h
index eb91af33d..906d4345c 100644
--- a/keyserver/curl-shim.h
+++ b/keyserver/curl-shim.h
@@ -42,7 +42,8 @@ typedef enum
 CURLOPT_STDERR,
 CURLOPT_VERBOSE,
 CURLOPT_SSL_VERIFYPEER,
- CURLOPT_PROXY
+ CURLOPT_PROXY,
+ CURLOPT_CAINFO
 } CURLoption;
 typedef size_t (*write_func)(char *buffer,size_t size,
diff --git a/keyserver/gpgkeys_curl.c b/keyserver/gpgkeys_curl.c
index 7c3dcb3c7..c2d51f2ee 100644
--- a/keyserver/gpgkeys_curl.c
+++ b/keyserver/gpgkeys_curl.c
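Review bot: The switch from `size_t` to `unsigned int` on the `maxlen`/`buflen`/`len` declaration carries no explanation, so the next reader is likely to "correct" it back to `size_t` and reintroduce the warning; presumably the new type matches the out-parameter types of `iobuf_read_line()`, whose prototype is outside this hunk. A one-line comment would pin that down: `/* unsigned int, not size_t: must match the iobuf_read_line() out-parameters */`. `curl_easy_perform` begins before and continues after this hunk.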
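Review bot: `CURLOPT_CAINFO` is added to the shim's `CURLoption` enum, but the only curl-shim.c change in this commit is the type fix above, so nothing in the shim's `curl_easy_setopt` learns to handle the new option; unless it already rejects unknown options (not visible here), a caller that passes a CA file in the non-libcurl build gets neither an error nor an effect. The ChangeLog hunk says the shim fakes the curl API over the HTTP iobuf code, and nothing on this page suggests that code speaks TLS, so the option can never be honoured there; that belongs next to the value, e.g. `CURLOPT_CAINFO /* accepted for API parity only: the iobuf-backed shim does no TLS, so this is ignored */`, and ideally the shim's `curl_easy_setopt` should return a non-`CURLE_OK` code for it so callers can warn the user. The enum starts before this hunk.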
@@ -158,6 +158,7 @@ main(int argc,char *argv[])
 char *thekey=NULL;
 unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
 long follow_redirects=5,debug=0,check_cert=1;
+ char *ca_cert_file=NULL;
 console=stderr;
@@ -344,6 +345,26 @@ main(int argc,char *argv[])
 else
 check_cert=1;
 }
+ else if(strncasecmp(start,"ca-cert-file",12)==0)
+ {
+ if(no)
+ {
+ free(ca_cert_file);
+ ca_cert_file=NULL;
+ }
+ else if(start[12]=='=')
+ {
+ free(ca_cert_file);
+ ca_cert_file=strdup(&start[13]);
+ if(!ca_cert_file)
+ {
+ fprintf(console,"gpgkeys: out of memory while creating "
+ "ca_cert_file\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+ }
+ }
 continue;
 }
@@ -406,6 +427,9 @@ main(int argc,char *argv[])
 curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);
+ if(ca_cert_file)
+ curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
+
 if(proxy[0])
 curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c
index d6b280a62..94c6fb626 100644
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@@ -1549,6 +1549,7 @@ main(int argc,char *argv[])
 int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1;
 struct keylist *keylist=NULL,*keyptr=NULL;
 unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
+ char *ca_cert_file=NULL;
 console=stderr;
@@ -1776,6 +1777,26 @@ main(int argc,char *argv[])
 else if(start[7]=='\0')
 timeout=DEFAULT_KEYSERVER_TIMEOUT;
 }
+ else if(strncasecmp(start,"ca-cert-file",12)==0)
+ {
+ if(no)
+ {
+ free(ca_cert_file);
+ ca_cert_file=NULL;
+ }
+ else if(start[12]=='=')
+ {
+ free(ca_cert_file);
+ ca_cert_file=strdup(&start[13]);
+ if(!ca_cert_file)
+ {
+ fprintf(console,"gpgkeys: out of memory while creating "
+ "ca_cert_file\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+ }
+ }
 continue;
 }
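Review bot: In the new `ca-cert-file` branch a value that is present but empty (`ca-cert-file=`) is stored as `""` and later handed to `CURLOPT_CAINFO`, and a name followed by anything other than `=` drops through both inner branches with no message, so a mistyped trust-root setting is accepted silently; the neighbouring options appear to parse the same way (their code is outside the hunk), but for this one the empty case should at least be reported, e.g. right after the `strdup`: `if(!*ca_cert_file) fprintf(console,"gpgkeys: warning: empty ca-cert-file ignored\n");` followed by freeing the string and resetting it to `NULL`. The same twenty lines are pasted verbatim into gpgkeys_ldap.c (hunk `@@ -1776,6 +1777,26 @@`); a small shared helper taking `start`, `no` and `&ca_cert_file` would keep the two parsers from drifting. Nothing in this diff frees `ca_cert_file` at `fail:` or on the normal return path, which only leaks at process exit but still deserves a `free(ca_cert_file);` beside the other cleanup (not shown). `main` begins before and continues after this hunk.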
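Review bot: The result of `curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file)` is discarded, so a libcurl that rejects the option (one built without SSL, or the shim declared above) silently drops the user's CA file and the transfer proceeds as if none had been given; the neighbouring `setopt` calls ignore their result too, but a trust-root setting is the one where silent failure matters. Check it and say so: `if(curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file)!=CURLE_OK) fprintf(console,"gpgkeys: warning: unable to set ca-cert-file\n");`. Since libcurl consults the CA file only when peer verification is enabled, a comment tying it to the `CURLOPT_SSL_VERIFYPEER` line just above would help: `/* only consulted when check_cert is set */`. `main` continues after this hunk.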
@@ -1787,6 +1808,20 @@ main(int argc,char *argv[])
 return KEYSERVER_INTERNAL_ERROR;
 }
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE)
+ if(ca_cert_file)
+ {
+ err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file);
+ if(err!=LDAP_SUCCESS)
+ {
+ fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
+ ldap_err2string(err));
+ ret=KEYSERVER_INTERNAL_ERROR;
+ goto fail;
+ }
+ }
+#endif /* HAVE_LDAP_SET_OPTION && LDAP_OPT_X_TLS_CACERTFILE */
+
 /* SSL trumps TLS */
 if(use_ssl)
 use_tls=0;
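Review bot: If either `HAVE_LDAP_SET_OPTION` or `LDAP_OPT_X_TLS_CACERTFILE` is undefined the whole block compiles away, and a `ca-cert-file` the user supplied is accepted by the option parser yet never applied, with no indication; an `#else` arm should at least say so: `#else` / `if(ca_cert_file)` / `fprintf(console,"gpgkeys: warning: ca-cert-file is not supported by this LDAP library\n");`. Passing `NULL` as the handle makes this a library-wide default rather than a per-connection setting, which is presumably intended because it runs before the connection is opened (that code is outside the hunk) and deserves a comment: `/* NULL handle: set the global TLS default before any connection exists */`. A CA file on its own does not make certificate checking mandatory in OpenLDAP; that is governed by `LDAP_OPT_X_TLS_REQUIRE_CERT`, and whether `check_cert` is wired to it is not visible here. `main` continues after this hunk.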