* curl-shim.c (curl_easy_perform): Fix compile warning.

* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
ca-cert-file option, to pass in the SSL cert.

keyserver/ChangeLog

@@ -1,5 +1,10 @@
 2005-02-11  David Shaw  <dshaw@jabberwocky.com>
 
+	* curl-shim.c (curl_easy_perform): Fix compile warning.
+
+	* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
+	ca-cert-file option, to pass in the SSL cert.
+
 	* curl-shim.h, curl-shim.c: New.  This is code to fake the curl
 	API in terms of the current HTTP iobuf API.
 

keyserver/curl-shim.c

@@ -129,7 +129,7 @@ CURLcode curl_easy_perform(CURL *curl)
     }
   else
     {
-      size_t maxlen=1024,buflen,len;
+      unsigned int maxlen=1024,buflen,len;
       byte *line=NULL;
 
       while((len=iobuf_read_line(curl->hd.fp_read,&line,&buflen,&maxlen)))

keyserver/curl-shim.h

@@ -42,7 +42,8 @@ typedef enum
     CURLOPT_STDERR,
     CURLOPT_VERBOSE,
     CURLOPT_SSL_VERIFYPEER,
-    CURLOPT_PROXY
+    CURLOPT_PROXY,
+    CURLOPT_CAINFO
   } CURLoption;
 
 typedef size_t (*write_func)(char *buffer,size_t size,

keyserver/gpgkeys_curl.c

@@ -158,6 +158,7 @@ main(int argc,char *argv[])
   char *thekey=NULL;
   unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
   long follow_redirects=5,debug=0,check_cert=1;
+  char *ca_cert_file=NULL;
 
   console=stderr;
 
@@ -344,6 +345,26 @@ main(int argc,char *argv[])
 	      else
 		check_cert=1;
 	    }
+	  else if(strncasecmp(start,"ca-cert-file",12)==0)
+	    {
+	      if(no)
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=NULL;
+		}
+	      else if(start[12]=='=')
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=strdup(&start[13]);
+		  if(!ca_cert_file)
+		    {
+		      fprintf(console,"gpgkeys: out of memory while creating "
+			      "ca_cert_file\n");
+		      ret=KEYSERVER_NO_MEMORY;
+		      goto fail;
+		    }
+		}
+	    }
 
 	  continue;
 	}
@@ -406,6 +427,9 @@ main(int argc,char *argv[])
 
   curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);
 
+  if(ca_cert_file)
+    curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
+
   if(proxy[0])
     curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
 

keyserver/gpgkeys_ldap.c

@@ -1549,6 +1549,7 @@ main(int argc,char *argv[])
   int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1;
   struct keylist *keylist=NULL,*keyptr=NULL;
   unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
+  char *ca_cert_file=NULL;
 
   console=stderr;
 
@@ -1776,6 +1777,26 @@ main(int argc,char *argv[])
 	      else if(start[7]=='\0')
 		timeout=DEFAULT_KEYSERVER_TIMEOUT;
 	    }
+	  else if(strncasecmp(start,"ca-cert-file",12)==0)
+	    {
+	      if(no)
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=NULL;
+		}
+	      else if(start[12]=='=')
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=strdup(&start[13]);
+		  if(!ca_cert_file)
+		    {
+		      fprintf(console,"gpgkeys: out of memory while creating "
+			      "ca_cert_file\n");
+		      ret=KEYSERVER_NO_MEMORY;
+		      goto fail;
+		    }
+		}
+	    }
 
 	  continue;
 	}
@@ -1787,6 +1808,20 @@ main(int argc,char *argv[])
       return KEYSERVER_INTERNAL_ERROR;
     }
 
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE)
+  if(ca_cert_file)
+    {
+      err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file);
+      if(err!=LDAP_SUCCESS)
+	{
+	  fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
+		  ldap_err2string(err));
+	  ret=KEYSERVER_INTERNAL_ERROR;
+	  goto fail;
+	}
+    }
+#endif /* HAVE_LDAP_SET_OPTION && LDAP_OPT_X_TLS_CACERTFILE */
+
   /* SSL trumps TLS */
   if(use_ssl)
     use_tls=0;