dirmngr: Workaround for a certain broken LDAP URL

* dirmngr/ldap.c (url_fetch_ldap): Detect and replace. -- The actual URL causing this is ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,\ C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint It is actually not very helpful because I had problems finding the issuer cert: CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz \ Service GmbH,C=DE
2025-01-30 16:17:02 +01:00 · 2022-03-25 13:36:20 +01:00 · 2022-03-25 13:36:20 +01:00 · 90caa7ad59
commit 90caa7ad59
parent 0f03bdcd2e
1 changed files with 19 additions and 3 deletions
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@ -230,9 +230,25 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)

  if (ludp->lud_filter && ludp->lud_filter[0] != '(')
    {
-      log_error (_("'%s' is an invalid LDAP URL\n"), url);
-      err = gpg_error (GPG_ERR_BAD_URI);
-      goto leave;
+      if (!strcmp (ludp->lud_filter, "objectClass=cRLDistributionPoint"))
+        {
+          /* Hack for broken DPs in DGN certs.  */
+          log_info ("fixing broken LDAP URL\n");
+          free (ludp->lud_filter);
+          ludp->lud_filter
+            = strdup ("(objectClass=cRLDistributionPoint)");
+          if (!ludp->lud_filter)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+        }
+      else
+        {
+          log_error (_("'%s' is an invalid LDAP URL\n"), url);
+          err = gpg_error (GPG_ERR_BAD_URI);
+          goto leave;
+        }
    }

  if (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))