* options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c

(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be consistent with honor-keyserver-url.
2025-01-08 12:44:23 +01:00 · 2006-02-22 20:20:58 +00:00 · 2006-02-22 20:20:58 +00:00 · 477defdb1b
commit 477defdb1b
parent 7eab1846ca
5 changed files with 19 additions and 10 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,5 +1,9 @@
 2006-02-22  David Shaw  <dshaw@jabberwocky.com>

+	* options.h, gpg.c (main), mainproc.c (check_sig_and_print),
+	keyserver.c (keyserver_opts): Rename auto-pka-retrieve to
+	honor-pka-record to be consistent with honor-keyserver-url.
+
 	* options.h, keydb.h, g10.c (main), getkey.c
 	(parse_auto_key_locate): Parse a list of key access methods.
 	(get_pubkey_byname): Walk the list here to try and retrieve keys
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -1731,7 +1731,7 @@ main (int argc, char **argv )
    opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG;
    opt.keyserver_options.export_options=EXPORT_ATTRIBUTES;
    opt.keyserver_options.options=
-      KEYSERVER_INCLUDE_SUBKEYS|KEYSERVER_INCLUDE_REVOKED|KEYSERVER_TRY_DNS_SRV|KEYSERVER_HONOR_KEYSERVER_URL|KEYSERVER_AUTO_PKA_RETRIEVE;
+      KEYSERVER_INCLUDE_SUBKEYS|KEYSERVER_INCLUDE_REVOKED|KEYSERVER_TRY_DNS_SRV|KEYSERVER_HONOR_KEYSERVER_URL|KEYSERVER_HONOR_PKA_RECORD;
    opt.verify_options=
      VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
    opt.trust_model=TM_AUTO;
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@ -85,14 +85,14 @@ static struct parse_options keyserver_opts[]=
     NULL},
    {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
     N_("automatically retrieve keys when verifying signatures")},
-    {"auto-pka-retrieve",KEYSERVER_AUTO_PKA_RETRIEVE,NULL,
-     N_("automatically retrieve keys from PKA records")},
    {"auto-cert-retrieve",KEYSERVER_AUTO_CERT_RETRIEVE,NULL,
     N_("automatically retrieve keys from DNS")},
    {"try-dns-srv",KEYSERVER_TRY_DNS_SRV,NULL,
     NULL},
    {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
     N_("honor the preferred keyserver URL set on the key")},
+    {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
+     N_("honor the PKA record set on a key when retrieving keys")},
    {NULL,0,NULL,NULL}
  };

@ -1740,7 +1740,7 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
 	      /* Try and parse the keyserver URL.  If it doesn't work,
 		 then we end up writing NULL which indicates we are
 		 the same as any other key. */
-	      if(uid && sig)
+	      if(sig)
 		(*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
 	    }

@ -1977,7 +1977,8 @@ keyserver_import_cert(const char *name)
  return rc;
 }

-/* Import key pointed to by a PKA record */
+/* Import key pointed to by a PKA record. Return the requested
+   fingerprint in fpr. */
 int
 keyserver_import_pka(const char *name,unsigned char *fpr)
 {
@ -2041,6 +2042,11 @@ keyserver_import_ldap(const char *name)
  keyserver->host=xmalloc(5+strlen(domain)+1);
  strcpy(keyserver->host,"keys.");
  strcat(keyserver->host,domain);
+  keyserver->uri=xmalloc(strlen(keyserver->scheme)+
+			 3+strlen(keyserver->host)+1);
+  strcpy(keyserver->uri,keyserver->scheme);
+  strcat(keyserver->uri,"://");
+  strcat(keyserver->uri,keyserver->host);
    
  rc=keyserver_work(KS_GETNAME,list,NULL,0,keyserver);

--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -1530,11 +1530,11 @@ check_sig_and_print( CTX c, KBNODE node )
 	  }
      }

-
    /* If the preferred keyserver thing above didn't work, our second
       try is to use the URI from a DNS PKA record. */
    if ( rc == G10ERR_NO_PUBKEY 
-         && (opt.keyserver_options.options&KEYSERVER_AUTO_PKA_RETRIEVE))
+	 && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
+         && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
      {
        const char *uri = pka_uri_from_sig (sig);
        
@ -1558,12 +1558,11 @@ check_sig_and_print( CTX c, KBNODE node )
          }
      }

-
    /* If the preferred keyserver thing above didn't work and we got
       no information from the DNS PKA, this is a third try. */

    if( rc == G10ERR_NO_PUBKEY && opt.keyserver
-	&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
+	&& opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
      {
 	int res;

--- a/g10/options.h
+++ b/g10/options.h
@ -319,7 +319,7 @@ struct {
 #define KEYSERVER_AUTO_KEY_RETRIEVE      (1<<5)
 #define KEYSERVER_TRY_DNS_SRV            (1<<6)
 #define KEYSERVER_HONOR_KEYSERVER_URL    (1<<7)
-#define KEYSERVER_AUTO_PKA_RETRIEVE      (1<<8)
+#define KEYSERVER_HONOR_PKA_RECORD       (1<<8)
 #define KEYSERVER_AUTO_CERT_RETRIEVE     (1<<9)

 #endif /*G10_OPTIONS_H*/