From 3cfc77097d9ab120e3f5102b7ad07c56223272c9 Mon Sep 17 00:00:00 2001
From: David Shaw
Date: Fri, 17 Mar 2006 05:20:13 +0000
Subject: [PATCH] * keyserver.c (keyserver_import_cert): Handle the IPGP CERT type for both the fingerprint alone, and fingerprint+URL cases. * getkey.c (get_pubkey_byname): Minor cleanup.
---
 g10/ChangeLog | 7 +++++++
 g10/getkey.c | 23 +++++++++++------------
 g10/keyserver.c | 37 +++++++++++++++++++++++++------------
 3 files changed, 43 insertions(+), 24 deletions(-)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index d3df2552b..27a7c04ef 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2006-03-16 David Shaw
+
+ * keyserver.c (keyserver_import_cert): Handle the IPGP CERT type
+ for both the fingerprint alone, and fingerprint+URL cases.
+
+ * getkey.c (get_pubkey_byname): Minor cleanup.
+
 2006-03-13 David Shaw
 * keyserver-internal.h, keyserver.c (keyserver_import_pka): Use
diff --git a/g10/getkey.c b/g10/getkey.c
index 8594ad9e6..0a314c4ee 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -917,7 +917,6 @@ get_pubkey_byname (PKT_public_key *pk,
 if (rc == G10ERR_NO_PUBKEY && is_valid_mailbox(name))
 {
- int res;
 struct akl *akl;
 for(akl=opt.auto_key_locate;akl;akl=akl->next)
@@ -929,29 +928,29 @@ get_pubkey_byname (PKT_public_key *pk,
 {
 case AKL_CERT:
 glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_cert(name,&fpr,&fpr_len);
+ rc=keyserver_import_cert(name,&fpr,&fpr_len);
 glo_ctrl.in_auto_key_retrieve--;
- if(res==0)
+ if(rc==0)
 log_info(_("Automatically retrieved `%s' via %s\n"), name,"DNS CERT");
 break;
 case AKL_PKA:
 glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_pka(name,&fpr,&fpr_len);
+ rc=keyserver_import_pka(name,&fpr,&fpr_len);
- if(res==0)
+ if(rc==0)
 log_info(_("Automatically retrieved `%s' via %s\n"), name,"PKA");
 break;
 case AKL_LDAP:
 glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_ldap(name,&fpr,&fpr_len);
+ rc=keyserver_import_ldap(name,&fpr,&fpr_len);
 glo_ctrl.in_auto_key_retrieve--;
- if(res==0)
+ if(rc==0)
 log_info(_("Automatically retrieved `%s' via %s\n"), name,"LDAP");
 break;
@@ -964,10 +963,10 @@ get_pubkey_byname (PKT_public_key *pk,
 if(opt.keyserver)
 {
 glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
+ rc=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
 glo_ctrl.in_auto_key_retrieve--;
- if(res==0)
+ if(rc==0)
 log_info(_("Automatically retrieved `%s' via %s\n"), name,opt.keyserver->uri);
 }
@@ -979,10 +978,10 @@ get_pubkey_byname (PKT_public_key *pk,
 keyserver=keyserver_match(akl->spec);
 glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
+ rc=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
 glo_ctrl.in_auto_key_retrieve--;
- if(res==0)
+ if(rc==0)
 log_info(_("Automatically retrieved `%s' via %s\n"), name,akl->spec->uri);
 }
@@ -996,7 +995,7 @@ get_pubkey_byname (PKT_public_key *pk,
 requirement as the URL might point to a key put in by an attacker. By forcing the use of the fingerprint, we won't use the attacker's key here. */
- if(res==0 && fpr)
+ if(rc==0 && fpr)
 {
 int i;
 char fpr_string[MAX_FINGERPRINT_LEN*2+1];
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 30e8ae6d6..256691a2a 100644
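Review bot: In the `AKL_PKA` case of the first hunk on this line, `glo_ctrl.in_auto_key_retrieve++` is not followed by a matching `glo_ctrl.in_auto_key_retrieve--;` after `rc=keyserver_import_pka(name,&fpr,&fpr_len);`, unlike the `AKL_CERT` and `AKL_LDAP` cases beside it, and the commit leaves that as it was. Each PKA lookup therefore leaves the counter one higher, so any code that tests it (not visible here) would presumably keep treating later operations as part of an automatic retrieval; I would add `glo_ctrl.in_auto_key_retrieve--;` directly after the import call. Separately, `rc` now carries the import status instead of staying at `G10ERR_NO_PUBKEY`, so the code after the switch, outside these hunks, should be checked to confirm a failed lookup is still reported as a missing key. The switch and its enclosing loop start and end outside the hunk.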
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1985,7 +1985,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
 {
 char *domain,*look,*url;
 IOBUF key;
- int type,rc=-1;
+ int type,rc=G10ERR_GENERAL;
 look=xstrdup(name);
@@ -1993,7 +1993,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
 if(domain) *domain='.';
- type=get_cert(look,max_cert_size,&key,NULL,NULL,&url);
+ type=get_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
 if(type==1)
 {
 int armor_status=opt.no_armor;
@@ -2008,21 +2008,34 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
 iobuf_close(key);
 }
- else if(type==2)
+ else if(type==2 && *fpr)
 {
- struct keyserver_spec *spec;
-
- spec=parse_keyserver_uri(url,1,NULL,0);
- if(spec)
+ /* We only consider the IPGP type if a fingerprint was provided.
+ This lets us select the right key regardless of what a URL
+ points to, or get the key from a keyserver. */
+ if(url)
 {
- STRLIST list=NULL;
+ struct keyserver_spec *spec;
- add_to_strlist(&list,url);
+ spec=parse_keyserver_uri(url,1,NULL,0);
+ if(spec)
+ {
+ STRLIST list=NULL;
- rc=keyserver_fetch(list);
+ add_to_strlist(&list,url);
- free_strlist(list);
- free_keyserver_spec(spec);
+ rc=keyserver_fetch(list);
+
+ free_strlist(list);
+ free_keyserver_spec(spec);
+ }
+ }
+ else if(opt.keyserver)
+ {
+ /* If only a fingerprint is provided, try and fetch it from
+ our --keyserver */
+
+ rc=keyserver_import_fprint(*fpr,*fpr_len,opt.keyserver);
 }
 xfree(url);
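Review bot: With the new condition `else if(type==2 && *fpr)` in the last hunk, an IPGP record that carries a URL but no fingerprint skips the whole branch, including the `xfree(url);` at its end, so the `url` string handed back by `get_cert` appears to be leaked on that path. Keeping the branch as `else if(type==2)`, wrapping the fetch logic in `if(*fpr)`, and leaving `xfree(url);` unconditional preserves the fingerprint requirement without the leak. The condition also dereferences `fpr` whenever type is 2, so it relies on `get_cert` (not shown) storing NULL in `*fpr` when the record has no fingerprint and on every caller passing a non-NULL `fpr`. A short comment above the function saying that `*fpr` is allocated for the caller to free, including when the fetch fails, would make that ownership explicit. The function body starts and ends outside this hunk.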