1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

dirmngr: Add support for hkps keyservers.

* dirmngr/dirmngr.c: Include gnutls.h.
(opts): Add --gnutls-debug and --hkp-cacert.
(opt_gnutls_debug, my_gnutls_log): New.
(set_debug): Set gnutls log level.
(parse_rereadable_options): Register a CA file.
(main): Init GNUTLS.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
(send_request): Ditto.
This commit is contained in:
Werner Koch 2014-05-05 16:09:45 +02:00
parent ea0f5481f0
commit 60e2fc7d38
5 changed files with 194 additions and 70 deletions

View file

@ -628,12 +628,14 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
const char const data[] =
"Handler for HKP URLs:\n"
" hkp://\n"
" hkps://\n"
"Supported methods: search, get, put\n";
gpg_error_t err;
if (!uri)
err = ks_print_help (ctrl, " hkp");
else if (uri->is_http && !strcmp (uri->scheme, "hkp"))
err = ks_print_help (ctrl, " hkp\n hkps");
else if (uri->is_http && (!strcmp (uri->scheme, "hkp")
|| !strcmp (uri->scheme, "hkps")))
err = ks_print_help (ctrl, data);
else
err = 0;
@ -747,6 +749,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
estream_t *r_fp)
{
gpg_error_t err;
http_session_t session = NULL;
http_t http = NULL;
int redirects_left = MAX_REDIRECTS;
estream_t fp = NULL;
@ -754,6 +757,10 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
*r_fp = NULL;
err = http_session_new (&session, NULL);
if (err)
goto leave;
once_more:
err = http_open (&http,
post_cb? HTTP_REQ_POST : HTTP_REQ_GET,
@ -761,7 +768,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
/* fixme: AUTH */ NULL,
httpflags,
/* fixme: proxy*/ NULL,
NULL, NULL,
session,
NULL,
/*FIXME curl->srvtag*/NULL);
if (!err)
{
@ -798,6 +806,13 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
goto leave;
}
if (http_get_tls_info (http, NULL))
{
/* Update the httpflags so that a redirect won't fallback to an
unencrypted connection. */
httpflags |= HTTP_FLAG_FORCE_TLS;
}
switch (http_get_status_code (http))
{
case 200:
@ -806,6 +821,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
case 301:
case 302:
case 307:
{
const char *s = http_get_header (http, "Location");
@ -837,6 +853,10 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
goto leave;
}
/* FIXME: We should register a permanent redirection and whether a
host has ever used TLS so that future calls will always use
TLS. */
fp = http_get_read_ptr (http);
if (!fp)
{
@ -851,6 +871,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
leave:
http_close (http, 0);
http_session_release (session);
xfree (request_buffer);
return err;
}