security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00
Code Activity

dirmngr: Workaround for a certain broken LDAP URL

Browse Source 
* dirmngr/ldap.c (url_fetch_ldap): Detect and replace.
--

The actual URL causing this is

ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,\
C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint

It is actually not very helpful because I had problems finding the
issuer cert:

CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz \
Service GmbH,C=DE
This commit is contained in:
Werner Koch 2022-03-25 13:36:20 +01:00
parent 0f03bdcd2e
commit 90caa7ad59
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
dirmngr/ldap.c
View File

@ -230,9 +230,25 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
if (ludp->lud_filter && ludp->lud_filter[0] != '(') if (ludp->lud_filter && ludp->lud_filter[0] != '(')
{ {
log_error (_("'%s' is an invalid LDAP URL\n"), url); if (!strcmp (ludp->lud_filter, "objectClass=cRLDistributionPoint"))
err = gpg_error (GPG_ERR_BAD_URI); {
goto leave; /* Hack for broken DPs in DGN certs. */
log_info ("fixing broken LDAP URL\n");
free (ludp->lud_filter);
ludp->lud_filter
= strdup ("(objectClass=cRLDistributionPoint)");
if (!ludp->lud_filter)
{
err = gpg_error_from_syserror ();
goto leave;
}
}
else
{
log_error (_("'%s' is an invalid LDAP URL\n"), url);
err = gpg_error (GPG_ERR_BAD_URI);
goto leave;
}
} }
if (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps")) if (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))