From 90caa7ad598be123707f4d4651f9a64a74347626 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 25 Mar 2022 13:36:20 +0100
Subject: [PATCH] dirmngr: Workaround for a certain broken LDAP URL
* dirmngr/ldap.c (url_fetch_ldap): Detect and replace.
--
The actual URL causing this is
ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,\
C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint
It is actually not very helpful because I had problems finding the issuer cert:
CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz \
Service GmbH,C=DE
---
 dirmngr/ldap.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index 742403511..174c6d93f 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -230,9 +230,25 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
 if (ludp->lud_filter && ludp->lud_filter[0] != '(')
 {
- log_error (_("'%s' is an invalid LDAP URL\n"), url);
- err = gpg_error (GPG_ERR_BAD_URI);
- goto leave;
+ if (!strcmp (ludp->lud_filter, "objectClass=cRLDistributionPoint"))
+ {
+ /* Hack for broken DPs in DGN certs. */
+ log_info ("fixing broken LDAP URL\n");
+ free (ludp->lud_filter);
+ ludp->lud_filter
+ = strdup ("(objectClass=cRLDistributionPoint)");
+ if (!ludp->lud_filter)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ }
+ else
+ {
+ log_error (_("'%s' is an invalid LDAP URL\n"), url);
+ err = gpg_error (GPG_ERR_BAD_URI);
+ goto leave;
+ }
 }
 if (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))
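Review bot: The new branch releases `ludp->lud_filter` with libc `free` and stores a libc `strdup` result back into the descriptor, which is only sound if the code that parsed and later frees `ludp` uses the same allocator; both of those are outside this hunk, so this needs checking. If the descriptor comes from the LDAP library's URL parser and is released through its own free routine, the matching pair should be used where the library provides it, e.g. `ldap_memfree (ludp->lud_filter);` and `ludp->lud_filter = ldap_strdup ("(objectClass=cRLDistributionPoint)");`. The exact `strcmp` against one fixed filter string is a good choice because no certificate-supplied text ends up inside the rewritten filter; a short comment saying that this is deliberate would stop a later edit from generalising it to "wrap anything in parentheses". The `log_info` line would be more useful for tracing if it named the URL that was rewritten, `log_info ("fixing broken LDAP URL '%s'\n", url);`.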