mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

gpg: Add new --auto-key-locate mechanism "dane".

* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2015-10-06 20:31:43 +02:00
parent 264a81d827
commit 9ac31f91b1
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
6 changed files with 36 additions and 15 deletions


@ -1103,7 +1103,10 @@ dns_cert_status_cb (void *opaque, const char *line)
CERT record found with a supported type; it is expected that only
one CERT record is used. If CERTTYPE is one of the supported
certtypes, only records with this certtype are considered and the
first one found is returned. All R_* args are optional. */
first one found is returned. All R_* args are optional.
If CERTTYPE is NULL the DANE method is used to fetch the key.
*/
gpg_error_t
gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
estream_t *r_key,
@ -1129,7 +1132,7 @@ gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
if (err)
return err;
line = es_bsprintf ("DNS_CERT %s %s", certtype, name);
line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name);
if (!line)
{
err = gpg_error_from_syserror ();