security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Merge branch 'STABLE-BRANCH-2-4'

Browse source 
--
Resolved conflicts:
	NEWS
	common/exechelp-w32.c
	configure.ac
This commit is contained in:
Werner Koch 2024-03-12 16:00:55 +01:00
commit 4485930f9f
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
103 changed files with 1485 additions and 1135 deletions
Download patch file Download diff file Expand all files Collapse all files

1
dirmngr/crlcache.c
View file

@ -2086,6 +2086,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
(VALIDATE_FLAG_TRUST_CONFIG
| VALIDATE_FLAG_TRUST_SYSTEM
| VALIDATE_FLAG_CRL
| VALIDATE_FLAG_RECURSIVE),
r_trust_anchor);

2
dirmngr/dirmngr_ldap.c
View file

@ -107,7 +107,7 @@ static gpgrt_opt_t opts[] = {
" a record oriented format"},
{ oProxy, "proxy", 2,
"|NAME|ignore host part and connect through NAME"},
{ oStartTLS, "starttls", 0, "use STARTLS for the conenction"},
{ oStartTLS, "starttls", 0, "use STARTLS for the connection"},
{ oLdapTLS, "ldaptls", 0, "use a TLS for the connection"},
{ oNtds, "ntds", 0, "authenticate using AD"},
{ oARecOnly, "areconly", 0, "do only an A record lookup"},

34
dirmngr/http.c
View file

@ -2362,7 +2362,6 @@ run_gnutls_handshake (http_t hd, const char *server)
* NULL, decode the string and use this as input from teh server. On
* success the final output token is stored at PROXY->OUTTOKEN and
* OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */
#ifdef USE_TLS
static gpg_error_t
proxy_get_token (proxy_info_t proxy, const char *inputstring)
{
@ -2530,11 +2529,9 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
#endif /*!HAVE_W32_SYSTEM*/
}
#endif /*USE_TLS*/
/* Use the CONNECT method to proxy our TLS stream. */
#ifdef USE_TLS
static gpg_error_t
run_proxy_connect (http_t hd, proxy_info_t proxy,
const char *httphost, const char *server,
@ -2556,6 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
*/
auth_basic = !!proxy->uri->auth;
hd->keep_alive = !auth_basic; /* We may need to send more requests. */
/* For basic authentication we need to send just one request. */
if (auth_basic
@ -2577,16 +2575,15 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
httphost ? httphost : server,
port,
authhdr ? authhdr : "",
auth_basic? "" : "Connection: keep-alive\r\n");
hd->keep_alive? "Connection: keep-alive\r\n" : "");
if (!request)
{
err = gpg_error_from_syserror ();
goto leave;
}
hd->keep_alive = !auth_basic; /* We may need to send more requests. */
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_with_string (request, "http.c:proxy:request:");
log_debug_string (request, "http.c:proxy:request:");
if (!hd->fp_write)
{
@ -2610,16 +2607,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
if (err)
goto leave;
{
unsigned long count = 0;
while (es_getc (hd->fp_read) != EOF)
count++;
if (opt_debug)
log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
count);
}
/* Reset state. */
es_clearerr (hd->fp_read);
((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
@ -2730,6 +2717,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
}
leave:
if (hd->keep_alive)
{
es_fclose (hd->fp_write);
hd->fp_write = NULL;
/* The close has released the cookie and thus we better set it
* to NULL. */
hd->write_cookie = NULL;
}
/* Restore flags, destroy stream, reset state. */
hd->flags = saved_flags;
es_fclose (hd->fp_read);
@ -2743,7 +2738,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
xfree (tmpstr);
return err;
}
#endif /*USE_TLS*/
/* Make a request string using a standard proxy. On success the
@ -2882,7 +2876,7 @@ send_request (ctrl_t ctrl,
if (proxy && proxy->is_http_proxy)
{
use_http_proxy = 1; /* We want to use a proxy for the conenction. */
use_http_proxy = 1; /* We want to use a proxy for the connection. */
err = connect_server (ctrl,
*proxy->uri->host ? proxy->uri->host : "localhost",
proxy->uri->port ? proxy->uri->port : 80,
@ -2903,7 +2897,6 @@ send_request (ctrl_t ctrl,
goto leave;
}
#if USE_TLS
if (use_http_proxy && hd->uri->use_tls)
{
err = run_proxy_connect (hd, proxy, httphost, server, port);
@ -2915,7 +2908,6 @@ send_request (ctrl_t ctrl,
* clear the flag to indicate this. */
use_http_proxy = 0;
}
#endif /* USE_TLS */
#if HTTP_USE_NTBTLS
err = run_ntbtls_handshake (hd);
@ -4411,7 +4403,7 @@ same_host_p (parsed_uri_t a, parsed_uri_t b)
}
/* Also consider hosts the same if they differ only in a subdomain;
* in both direction. This allows to have redirection between the
* in both direction. This allows one to have redirection between the
* WKD advanced and direct lookup methods. */
for (i=0; i < DIM (subdomains); i++)
{

2
dirmngr/ks-engine-ldap.c
View file

@ -607,7 +607,7 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
* including whether to use TLS and the username and password (see
* ldap_parse_uri for a description of the various fields). Be
* default a PGP keyserver is assumed; if GENERIC is true a generic
* ldap conenction is instead established.
* ldap connection is instead established.
*
* Returns: The ldap connection handle in *LDAP_CONNP, R_BASEDN is set
* to the base DN for the PGP key space, several flags will be stored

2
dirmngr/server.c
View file

@ -3325,7 +3325,7 @@ dirmngr_status_help (ctrl_t ctrl, const char *text)
/* Print a help status line using a printf like format. The function
* splits text at LFs. With CTRL beeing NULL, the function behaves
* splits text at LFs. With CTRL being NULL, the function behaves
* like log_info. */
gpg_error_t
dirmngr_status_helpf (ctrl_t ctrl, const char *format, ...)