dirmngr: Support https for KS_FETCH.

* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ... * dirmngr/misc.c (cert_log_cb): here. * dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection and https. -- Note that this requires that the root certificates are registered using the --hkp-cacert option. Eventually we may introduce a separate option to allow using different CAs for KS_FETCH and keyserver based requests.
2025-07-03 22:56:33 +02:00 · 2014-09-10 10:37:48 +02:00 · 2014-09-10 10:37:48 +02:00 · 84419f42da
commit 84419f42da
parent 3b20cc21de
4 changed files with 48 additions and 35 deletions
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@ -880,40 +880,6 @@ ks_hkp_housekeeping (time_t curtime)
 }


-/* Callback to print infos about the TLS certificates.  */
-static void
-cert_log_cb (http_session_t sess, gpg_error_t err,
-             const char *hostname, const void **certs, size_t *certlens)
-{
-  ksba_cert_t cert;
-  size_t n;
-
-  (void)sess;
-
-  if (!err)
-    return; /* No error - no need to log anything  */
-
-  log_debug ("expected hostname: %s\n", hostname);
-  for (n=0; certs[n]; n++)
-    {
-      err = ksba_cert_new (&cert);
-      if (!err)
-        err = ksba_cert_init_from_mem (cert, certs[n], certlens[n]);
-      if (err)
-        log_error ("error parsing cert for logging: %s\n", gpg_strerror (err));
-      else
-        {
-          char textbuf[20];
-          snprintf (textbuf, sizeof textbuf, "server[%u]", (unsigned int)n);
-          dump_cert (textbuf, cert);
-        }
-
-      ksba_cert_release (cert);
-    }
-}
-
-
-
 /* Send an HTTP request.  On success returns an estream object at
   R_FP.  HOSTPORTSTR is only used for diagnostics.  If HTTPHOST is
   not NULL it will be used as HTTP "Host" header.  If POST_CB is not