mirror of
git://git.gnupg.org/gnupg.git
synced 2025-03-20 21:29:58 +01:00
* gpgkeys_ldap.c (main): Add "check-cert" option to disable SSL
certificate checking (which is on by default). * gpgkeys_curl.c (main): Add "debug" option to match the LDAP helper. Add "check-cert" option to disable SSL certificate checking (which is on by default).
This commit is contained in:
parent
6a0fda89c0
commit
2b10681641
@ -1,3 +1,12 @@
|
||||
2005-01-21 David Shaw <dshaw@grover.jabberwocky.com>
|
||||
|
||||
* gpgkeys_ldap.c (main): Add "check-cert" option to disable SSL
|
||||
certificate checking (which is on by default).
|
||||
|
||||
* gpgkeys_curl.c (main): Add "debug" option to match the LDAP
|
||||
helper. Add "check-cert" option to disable SSL certificate
|
||||
checking (which is on by default).
|
||||
|
||||
2005-01-18 David Shaw <dshaw@grover.jabberwocky.com>
|
||||
|
||||
* gpgkeys_curl.c: Fix typo.
|
||||
|
@ -82,12 +82,6 @@ get_key(char *getkey)
|
||||
curl_easy_setopt(curl,CURLOPT_FILE,output);
|
||||
curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
|
||||
|
||||
if(verbose>1)
|
||||
{
|
||||
curl_easy_setopt(curl,CURLOPT_STDERR,console);
|
||||
curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
|
||||
}
|
||||
|
||||
res=curl_easy_perform(curl);
|
||||
if(res!=0)
|
||||
{
|
||||
@ -116,7 +110,7 @@ main(int argc,char *argv[])
|
||||
char line[MAX_LINE];
|
||||
char *thekey=NULL;
|
||||
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
|
||||
long follow_redirects=5;
|
||||
long follow_redirects=5,debug=0,check_cert=1;
|
||||
|
||||
console=stderr;
|
||||
|
||||
@ -287,6 +281,22 @@ main(int argc,char *argv[])
|
||||
else if(start[16]=='\0')
|
||||
follow_redirects=-1;
|
||||
}
|
||||
else if(strncasecmp(start,"debug",5)==0)
|
||||
{
|
||||
if(no)
|
||||
debug=0;
|
||||
else if(start[5]=='=')
|
||||
debug=atoi(&start[6]);
|
||||
else if(start[5]=='\0')
|
||||
debug=1;
|
||||
}
|
||||
else if(strcasecmp(start,"check-cert")==0)
|
||||
{
|
||||
if(no)
|
||||
check_cert=0;
|
||||
else
|
||||
check_cert=1;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
@ -337,6 +347,14 @@ main(int argc,char *argv[])
|
||||
curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects);
|
||||
}
|
||||
|
||||
if(debug)
|
||||
{
|
||||
curl_easy_setopt(curl,CURLOPT_STDERR,console);
|
||||
curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
|
||||
}
|
||||
|
||||
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);
|
||||
|
||||
if(proxy[0])
|
||||
curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
|
||||
|
||||
|
@ -1534,7 +1534,7 @@ main(int argc,char *argv[])
|
||||
{
|
||||
int debug=0,port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
|
||||
char line[MAX_LINE];
|
||||
int version,failed=0,use_ssl=0,use_tls=0,bound=0;
|
||||
int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1;
|
||||
struct keylist *keylist=NULL,*keyptr=NULL;
|
||||
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
|
||||
|
||||
@ -1719,6 +1719,13 @@ main(int argc,char *argv[])
|
||||
else if(start[3]=='\0')
|
||||
use_tls=1;
|
||||
}
|
||||
else if(strcasecmp(start,"check-cert")==0)
|
||||
{
|
||||
if(no)
|
||||
check_cert=0;
|
||||
else
|
||||
check_cert=1;
|
||||
}
|
||||
else if(strncasecmp(start,"debug",5)==0)
|
||||
{
|
||||
if(no)
|
||||
@ -1868,8 +1875,9 @@ main(int argc,char *argv[])
|
||||
|
||||
if(use_ssl)
|
||||
{
|
||||
#if defined(LDAP_OPT_X_TLS_HARD) && defined(HAVE_LDAP_SET_OPTION)
|
||||
#if defined(LDAP_OPT_X_TLS) && defined(HAVE_LDAP_SET_OPTION)
|
||||
int ssl=LDAP_OPT_X_TLS_HARD;
|
||||
|
||||
err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
|
||||
if(err!=LDAP_SUCCESS)
|
||||
{
|
||||
@ -1878,6 +1886,19 @@ main(int argc,char *argv[])
|
||||
fail_all(keylist,action,ldap_err_to_gpg_err(err));
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if(!check_cert)
|
||||
ssl=LDAP_OPT_X_TLS_NEVER;
|
||||
|
||||
err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl);
|
||||
if(err!=LDAP_SUCCESS)
|
||||
{
|
||||
fprintf(console,
|
||||
"gpgkeys: unable to set certificate validation: %s\n",
|
||||
ldap_err2string(err));
|
||||
fail_all(keylist,action,ldap_err_to_gpg_err(err));
|
||||
goto fail;
|
||||
}
|
||||
#else
|
||||
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
|
||||
"not built with LDAPS support");
|
||||
@ -1915,15 +1936,22 @@ main(int argc,char *argv[])
|
||||
#if defined(HAVE_LDAP_START_TLS_S) && defined(HAVE_LDAP_SET_OPTION)
|
||||
int ver=LDAP_VERSION3;
|
||||
|
||||
err=LDAP_SUCCESS;
|
||||
|
||||
err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
|
||||
if(err==LDAP_SUCCESS)
|
||||
err=ldap_start_tls_s(ldap,NULL,NULL);
|
||||
{
|
||||
if(check_cert)
|
||||
ver=LDAP_OPT_X_TLS_HARD;
|
||||
else
|
||||
ver=LDAP_OPT_X_TLS_NEVER;
|
||||
|
||||
err=ldap_set_option(ldap,LDAP_OPT_X_TLS_REQUIRE_CERT,&ver);
|
||||
if(err==LDAP_SUCCESS)
|
||||
err=ldap_start_tls_s(ldap,NULL,NULL);
|
||||
}
|
||||
|
||||
if(err!=LDAP_SUCCESS)
|
||||
{
|
||||
if(use_tls==2 || verbose>2)
|
||||
if(use_tls>=2 || verbose>2)
|
||||
fprintf(console,"gpgkeys: unable to start TLS: %s\n",
|
||||
ldap_err2string(err));
|
||||
/* Are we forcing it? */
|
||||
@ -1952,7 +1980,7 @@ main(int argc,char *argv[])
|
||||
/* The LDAP keyserver doesn't require this, but it might be useful
|
||||
if someone stores keys on a V2 LDAP server somewhere. (V3
|
||||
doesn't require a bind). Leave this out for now since it is not
|
||||
clear if anyone server we're likely to use really cares, plus
|
||||
clear if anyone's server we're likely to use really cares, plus
|
||||
there are some servers that don't allow it. */
|
||||
|
||||
err=ldap_simple_bind_s(ldap,NULL,NULL);
|
||||
|
Loading…
x
Reference in New Issue
Block a user