dirmngr: Add http proxy support for keyservers.

* dirmngr/dirmngr.h (server_control_s): Add field http_proxy.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value
from OPT.
(dirmngr_deinit_default_ctrl): New.
(main): Call dirmngr_deinit_default_ctrl.
* dirmngr/server.c (start_command_handler): Ditto.
(option_handler): Add option "http-proxy".
* dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
* dirmngr/ks-engine-hkp.c (send_request): Add proxy support.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2015-04-21 17:14:53 +02:00
parent 727fe4f8d7
commit a0dead5edc
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
7 changed files with 36 additions and 16 deletions


@ -157,10 +157,6 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
char *free_this = NULL;
int redirects_left = 2; /* We allow for 2 redirect levels. */
#ifndef USE_LDAP
(void)ctrl;
#endif
*reader = NULL;
if (!url)
@ -202,7 +198,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
err = http_open_document (&hd, url, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
opt.http_proxy, NULL, NULL, NULL);
ctrl->http_proxy, NULL, NULL, NULL);
switch ( err? 99999 : http_get_status_code (hd) )
{


@ -1277,6 +1277,7 @@ main (int argc, char **argv)
for (; !rc && argc; argc--, argv++)
rc = crl_cache_load (&ctrlbuf, *argv);
}
dirmngr_deinit_default_ctrl (&ctrlbuf);
}
else if (cmd == aFetchCRL)
{
@ -1306,6 +1307,7 @@ main (int argc, char **argv)
argv[0], gpg_strerror (rc));
crl_close_reader (reader);
}
dirmngr_deinit_default_ctrl (&ctrlbuf);
}
else if (cmd == aFlush)
{
@ -1465,9 +1467,18 @@ dirmngr_exit (int rc)
void
dirmngr_init_default_ctrl (ctrl_t ctrl)
{
(void)ctrl;
if (opt.http_proxy)
ctrl->http_proxy = xstrdup (opt.http_proxy);
}
/* Nothing for now. */
void
dirmngr_deinit_default_ctrl (ctrl_t ctrl)
{
if (!ctrl)
return;
xfree (ctrl->http_proxy);
ctrl->http_proxy = NULL;
}
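Review bot: dirmngr_init_default_ctrl and the new dirmngr_deinit_default_ctrl carry no header comment stating their contract, and that contract is now load-bearing. The init function writes ctrl->http_proxy only when opt.http_proxy is set, so it relies on the caller passing a zeroed CTRL, and a second call on the same CTRL would leak the earlier copy. I would add above init `/* Set the defaults in CTRL, which must be zero-initialized; pair with dirmngr_deinit_default_ctrl. */` and above deinit `/* Release what dirmngr_init_default_ctrl allocated; CTRL may be NULL. */`. The two main() hunks add the deinit call to two command branches only; whether other branches that initialize a ctrl need the same call cannot be seen from these hunks.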


@ -99,7 +99,7 @@ struct
int disable_http; /* Do not use HTTP at all. */
int disable_ldap; /* Do not use LDAP at all. */
int honor_http_proxy; /* Honor the http_proxy env variable. */
const char *http_proxy; /* Use given HTTP proxy. */
const char *http_proxy; /* The default HTTP proxy. */
const char *ldap_proxy; /* Use given LDAP proxy. */
int only_ldap_proxy; /* Only use the LDAP proxy; no fallback. */
int ignore_http_dp; /* Ignore HTTP CRL distribution points. */
@ -174,12 +174,14 @@ struct server_control_s
response. */
int audit_events; /* Send audit events to client. */
char *http_proxy; /* The used http_proxy or NULL. */
};
/*-- dirmngr.c --*/
void dirmngr_exit( int ); /* Wrapper for exit() */
void dirmngr_init_default_ctrl (ctrl_t ctrl);
void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
void dirmngr_sighup_action (void);


@ -965,8 +965,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
request,
httphost,
/* fixme: AUTH */ NULL,
httpflags,
/* fixme: proxy*/ NULL,
(httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)),
ctrl->http_proxy,
session,
NULL,
/*FIXME curl->srvtag*/NULL);
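Review bot: The call in send_request now passes ctrl->http_proxy next to `session`, and nothing in the hunk shows how the http layer treats a proxy when the request runs over that session (presumably TLS for hkps); that should be confirmed, because otherwise keyserver queries may fail or become visible to the proxy. The same applies to the identical change in ks_http_fetch in ks-engine-http.c. The replaced `/* fixme: proxy*/` label also leaves the two arguments undocumented in a call whose neighbours are all labelled; I would keep a label such as `/* proxy; NULL: none, or the http_proxy envvar if honored */ ctrl->http_proxy,`. The call itself starts above the hunk.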


@ -77,8 +77,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
url,
/* httphost */ NULL,
/* fixme: AUTH */ NULL,
0,
/* fixme: proxy*/ NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
ctrl->http_proxy,
session,
NULL,
/*FIXME curl->srvtag*/NULL);


@ -166,7 +166,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
once_more:
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
opt.http_proxy, NULL, NULL, NULL);
ctrl->http_proxy, NULL, NULL, NULL);
if (err)
{
log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err));


@ -582,6 +582,7 @@ static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
if (!strcmp (key, "force-crl-refresh"))
{
@ -593,12 +594,21 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
int i = *value? atoi (value) : 0;
ctrl->audit_events = i;
}
else if (!strcmp (key, "http-proxy"))
{
xfree (ctrl->http_proxy);
if (!*value || !strcmp (value, "none"))
ctrl->http_proxy = NULL;
else if (!(ctrl->http_proxy = xtrystrdup (value)))
err = gpg_error_from_syserror ();
}
else
return gpg_error (GPG_ERR_UNKNOWN_OPTION);
err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
return 0;
return err;
}
static const char hlp_ldapserver[] =
"LDAPSERVER <data>\n"
"\n"
@ -1633,7 +1643,7 @@ static const char hlp_ks_get[] =
"\n"
"Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
"(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n"
"or an exact name indicastes by the '=' prefix.";
"or an exact name indicated by the '=' prefix.";
static gpg_error_t
cmd_ks_get (assuan_context_t ctx, char *line)
{
@ -2096,6 +2106,7 @@ start_command_handler (assuan_fd_t fd)
{
release_ctrl_ocsp_certs (ctrl);
xfree (ctrl->server_local);
dirmngr_deinit_default_ctrl (ctrl);
xfree (ctrl);
}
}
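Review bot: The new "http-proxy" branch in option_handler stores the client-supplied VALUE with no syntax check, so a malformed proxy string is accepted here and only fails later when a request is opened. Because an empty value or "none" also clears the copy of opt.http_proxy, any client on the connection can override or disable the configured default proxy for its session, including for the CRL and OCSP fetches that now read ctrl->http_proxy. If that is intended, state it on the branch, e.g. `/* Per-session override of the default proxy; "" or "none" disables it. */`, and consider rejecting values that do not parse as a proxy URL with `err = gpg_error (GPG_ERR_INV_VALUE);`. The part of option_handler between the two hunks is not shown.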