From a0627f5a2248ef8ac51992cd7997ce590da63af7 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Mon, 11 May 2009 03:52:34 +0000 Subject: [PATCH] * gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main): Add support for SSLized HKP. --- keyserver/ChangeLog | 5 +++- keyserver/gpgkeys_hkp.c | 57 +++++++++++++++++++++++++---------------- 2 files changed, 39 insertions(+), 23 deletions(-) diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog index 85eab3c89..2b403379d 100644 --- a/keyserver/ChangeLog +++ b/keyserver/ChangeLog @@ -1,7 +1,10 @@ 2009-05-10 David Shaw From 1.4: - + + * gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main): + Add support for SSLized HKP. + * curl-shim.h (curl_version): No need to provide a version for curl-shim as it always matches the GnuPG version. diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c index 3a4e57634..ef6fd7cb4 100644 --- a/keyserver/gpgkeys_hkp.c +++ b/keyserver/gpgkeys_hkp.c @@ -1,6 +1,6 @@ /* gpgkeys_hkp.c - talk to an HKP keyserver - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 - * 2008 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, + * 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -53,6 +53,7 @@ static FILE *input,*output,*console; static CURL *curl; static struct ks_options *opt; static char errorbuffer[CURL_ERROR_SIZE]; +static char *proto,*port; static size_t curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream) @@ -181,13 +182,10 @@ send_key(int *r_eof) strcpy(key,"keytext="); strcat(key,encoded_key); - strcpy(request,"http://"); + strcpy(request,proto); strcat(request,opt->host); strcat(request,":"); - if(opt->port) - strcat(request,opt->port); - else - strcat(request,"11371"); + strcat(request,port); strcat(request,opt->path); /* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL, including any supplied path. The 15 covers /pks/add. */ 
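Review bot: The new file-scope `static char *proto,*port;` only ever receive string literals or `opt->port` in main(), so they would be better declared `static const char *proto,*port;`, which turns any later write through them into a compile-time error. Assigning `opt->port` to a const-qualified pointer remains valid. A one-line comment saying that both are set once in main() before any request is built, and that `port` may alias `opt->port`, would help, since four functions now read them.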
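Review bot: The URL in send_key() is still assembled with an unbounded `strcpy`/`strcat` chain, and the prefix can now be the 8-character "https://" instead of the 7-character "http://". Whether MAX_URL leaves room for the longer scheme is not visible in this hunk, and the declaration of `request` is outside it. I would make the bound explicit with `snprintf(request,MAX_URL+15,"%s%s:%s%s",proto,opt->host,port,opt->path)` and return an error when the result is negative or not smaller than the buffer size. The same pattern is repeated in the get_key(), get_name() and search_key() hunks, each with its own buffer size.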
@@ -248,13 +246,10 @@ get_key(char *getkey) return KEYSERVER_NOT_SUPPORTED; } - strcpy(request,"http://"); + strcpy(request,proto); strcat(request,opt->host); strcat(request,":"); - if(opt->port) - strcat(request,opt->port); - else - strcat(request,"11371"); + strcat(request,port); strcat(request,opt->path); /* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL, including any supplied path. The 60 overcovers this /pks/... etc @@ -329,13 +324,10 @@ get_name(const char *getkey) fprintf(output,"NAME %s BEGIN\n",getkey); - strcpy(request,"http://"); + strcpy(request,proto); strcat(request,opt->host); strcat(request,":"); - if(opt->port) - strcat(request,opt->port); - else - strcat(request,"11371"); + strcat(request,port); strcat(request,opt->path); append_path(request,"/pks/lookup?op=get&options=mr&search="); strcat(request,searchkey_encoded); @@ -415,13 +407,10 @@ search_key(const char *searchkey) fprintf(output,"SEARCH %s BEGIN\n",searchkey); - strcpy(request,"http://"); + strcpy(request,proto); strcat(request,opt->host); strcat(request,":"); - if(opt->port) - strcat(request,opt->port); - else - strcat(request,"11371"); + strcat(request,port); strcat(request,opt->path); append_path(request,"/pks/lookup?op=index&options=mr&search="); @@ -628,6 +617,27 @@ main(int argc,char *argv[]) } } + if(!opt->scheme) + { + fprintf(console,"gpgkeys: no scheme supplied!\n"); + ret=KEYSERVER_SCHEME_NOT_FOUND; + goto fail; + } + + if(ks_strcasecmp(opt->scheme,"hkps")==0) + { + proto="https://"; + port="443"; + } + else + { + proto="http://"; + port="11371"; + } + + if(opt->port) + port=opt->port; + if(!opt->host) { fprintf(console,"gpgkeys: no keyserver host provided\n"); @@ -661,6 +671,9 @@ main(int argc,char *argv[]) curl_easy_setopt(curl,CURLOPT_VERBOSE,1L); } + curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); + curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); + if(proxy) curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
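Review bot: Any scheme other than "hkps" falls through to the plain `else` branch in main() and is sent as cleartext "http://" on port 11371, so a mistyped or unexpected scheme silently loses TLS instead of failing. I would match explicitly with `else if(ks_strcasecmp(opt->scheme,"hkp")==0)` and add a final `else` that reports the unknown scheme on `console`, sets `ret=KEYSERVER_SCHEME_NOT_FOUND` and does `goto fail`, as the `!opt->scheme` check just above already does. If other scheme aliases are legitimately routed to this helper (not visible here), they would need to be listed in the plaintext branch.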
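Review bot: `CURLOPT_CAINFO` is set unconditionally, and `opt->ca_cert_file` is presumably NULL when no CA file was configured; passing NULL to libcurl clears any built-in default bundle path rather than keeping it. hkps could then fail verification out of the box, which nudges users towards switching `check_cert` off, so guard the call: `if(opt->ca_cert_file) curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);`. Hostname checking relies on libcurl's default for `CURLOPT_SSL_VERIFYHOST`; setting it explicitly next to `CURLOPT_SSL_VERIFYPEER` would document that both checks are intended. A comment noting that `check_cert` off leaves hkps unauthenticated, and whether the curl-shim build honours these options at all, would also help.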