gpgsm: Allow sepcification of ldaps servers.

* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.

* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.

* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--

There was no way to specify an LDAPS server in
dirmngr_ldapserver.socnf or with gpgsm's --keyserver option.  This
patch fixes this.  Eventually we should allow to replace host and port
by a partial URI in the same way ldap_initialize does it.  For backward
compatibility we do not yet do that.

Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used.  Thus the
patch also detects an ldaps scheme and uses this.  That part has not
been tested, though.

Signed-off-by: Werner Koch <wk@gnupg.org>

dirmngr/ldap.c

@@ -525,7 +525,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
   int argc = 0;
   int argc_malloced = 0;
   char portbuf[30], timeoutbuf[30];
-
+  int use_ldaps = 0;
 
   *context = NULL;
 
@@ -554,7 +554,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
           goto leave;
         }
       base = server->base;
-
+      use_ldaps = server->use_ldaps;
     }
   else /* Use a default server. */
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
@@ -587,6 +587,8 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
       argv[argc++] = "--proxy";
       argv[argc++] = proxy;
     }
+  if (use_ldaps)
+    argv[argc++] = "--tls";
   if (host)
     {
       argv[argc++] = "--host";