* gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main): Add

support for SSLized HKP.

keyserver/ChangeLog

@@ -1,7 +1,10 @@
 2009-05-10  David Shaw  <dshaw@jabberwocky.com>
 
 	From 1.4:
-	
+
+	* gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main):
+	Add support for SSLized HKP.
+
 	* curl-shim.h (curl_version): No need to provide a version for
 	curl-shim as it always matches the GnuPG version.
 

keyserver/gpgkeys_hkp.c

@@ -1,6 +1,6 @@
 /* gpgkeys_hkp.c - talk to an HKP keyserver
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007
- *               2008 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ *               2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -53,6 +53,7 @@ static FILE *input,*output,*console;
 static CURL *curl;
 static struct ks_options *opt;
 static char errorbuffer[CURL_ERROR_SIZE];
+static char *proto,*port;
 
 static size_t
 curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream)
@@ -181,13 +182,10 @@ send_key(int *r_eof)
   strcpy(key,"keytext=");
   strcat(key,encoded_key);
 
-  strcpy(request,"http://");
+  strcpy(request,proto);
   strcat(request,opt->host);
   strcat(request,":");
-  if(opt->port)
-    strcat(request,opt->port);
-  else
-    strcat(request,"11371");
+  strcat(request,port);
   strcat(request,opt->path);
   /* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL,
      including any supplied path.  The 15 covers /pks/add. */
@@ -248,13 +246,10 @@ get_key(char *getkey)
       return KEYSERVER_NOT_SUPPORTED;
     }
 
-  strcpy(request,"http://");
+  strcpy(request,proto);
   strcat(request,opt->host);
   strcat(request,":");
-  if(opt->port)
-    strcat(request,opt->port);
-  else
-    strcat(request,"11371");
+  strcat(request,port);
   strcat(request,opt->path);
   /* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL,
      including any supplied path.  The 60 overcovers this /pks/... etc
@@ -329,13 +324,10 @@ get_name(const char *getkey)
 
   fprintf(output,"NAME %s BEGIN\n",getkey);
 
-  strcpy(request,"http://");
+  strcpy(request,proto);
   strcat(request,opt->host);
   strcat(request,":");
-  if(opt->port)
-    strcat(request,opt->port);
-  else
-    strcat(request,"11371");
+  strcat(request,port);
   strcat(request,opt->path);
   append_path(request,"/pks/lookup?op=get&options=mr&search=");
   strcat(request,searchkey_encoded);
@@ -415,13 +407,10 @@ search_key(const char *searchkey)
 
   fprintf(output,"SEARCH %s BEGIN\n",searchkey);
 
-  strcpy(request,"http://");
+  strcpy(request,proto);
   strcat(request,opt->host);
   strcat(request,":");
-  if(opt->port)
-    strcat(request,opt->port);
-  else
-    strcat(request,"11371");
+  strcat(request,port);
   strcat(request,opt->path);
   append_path(request,"/pks/lookup?op=index&options=mr&search=");
 
@@ -628,6 +617,27 @@ main(int argc,char *argv[])
 	}
     }
 
+  if(!opt->scheme)
+    {
+      fprintf(console,"gpgkeys: no scheme supplied!\n");
+      ret=KEYSERVER_SCHEME_NOT_FOUND;
+      goto fail;
+    }
+
+  if(ks_strcasecmp(opt->scheme,"hkps")==0)
+    {
+      proto="https://";
+      port="443";
+    }
+  else
+    {
+      proto="http://";
+      port="11371";
+    }
+
+  if(opt->port)
+    port=opt->port;
+
   if(!opt->host)
     {
       fprintf(console,"gpgkeys: no keyserver host provided\n");
@@ -661,6 +671,9 @@ main(int argc,char *argv[])
       curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
     }
 
+  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
+  curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+
   if(proxy)
     curl_easy_setopt(curl,CURLOPT_PROXY,proxy);