gpg: Add new --auto-key-locate mechanism "dane".

* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE. * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode". * g10/options.h (AKL_DANE): New. * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE. (parse_auto_key_locate): Ditto. -- To test this use gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-10-06 20:31:43 +02:00 · 2015-10-06 20:31:43 +02:00 · 9ac31f91b1
commit 9ac31f91b1
parent 264a81d827
6 changed files with 36 additions and 15 deletions
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -898,7 +898,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	    case AKL_CERT:
 	      mechanism = "DNS CERT";
 	      glo_ctrl.in_auto_key_retrieve++;
-	      rc = keyserver_import_cert (ctrl, name, &fpr, &fpr_len);
+	      rc = keyserver_import_cert (ctrl, name, 0, &fpr, &fpr_len);
 	      glo_ctrl.in_auto_key_retrieve--;
 	      break;

@ -909,6 +909,13 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	      glo_ctrl.in_auto_key_retrieve--;
 	      break;

+	    case AKL_DANE:
+	      mechanism = "DANE";
+	      glo_ctrl.in_auto_key_retrieve++;
+	      rc = keyserver_import_cert (ctrl, name, 1, &fpr, &fpr_len);
+	      glo_ctrl.in_auto_key_retrieve--;
+	      break;
+
 	    case AKL_LDAP:
 	      mechanism = "LDAP";
 	      glo_ctrl.in_auto_key_retrieve++;
@ -3060,6 +3067,8 @@ parse_auto_key_locate (char *options)
 #endif
      else if (ascii_strcasecmp (tok, "pka") == 0)
 	akl->type = AKL_PKA;
+      else if (ascii_strcasecmp (tok, "dane") == 0)
+	akl->type = AKL_DANE;
      else if ((akl->spec = parse_keyserver_uri (tok, 1)))
 	akl->type = AKL_SPEC;
      else