From a0dead5edce07838cf5ff3ec7205a3bff2a6ef70 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 21 Apr 2015 17:14:53 +0200
Subject: [PATCH] dirmngr: Add http proxy support for keyservers.

* dirmngr/dirmngr.h (server_control_s): Add field http_proxy.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value from OPT.
(dirmngr_deinit_default_ctrl): New.
(main): Call dirmngr_deinit_default_ctrl.
* dirmngr/server.c (start_command_handler): Ditto.
(option_handler): Add option "http-proxy".
* dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
* dirmngr/ks-engine-hkp.c (send_request): Add proxy support.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

Signed-off-by: Werner Koch
---
 dirmngr/crlfetch.c | 6 +-----
 dirmngr/dirmngr.c | 15 +++++++++++++--
 dirmngr/dirmngr.h | 4 +++-
 dirmngr/ks-engine-hkp.c | 4 ++--
 dirmngr/ks-engine-http.c | 4 ++--
 dirmngr/ocsp.c | 2 +-
 dirmngr/server.c | 17 ++++++++++++++---
 7 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 2c4a24783..3b3916a23 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -157,10 +157,6 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
 char *free_this = NULL;
 int redirects_left = 2; /* We allow for 2 redirect levels. */
-#ifndef USE_LDAP
- (void)ctrl;
-#endif
-
 *reader = NULL;
 if (!url)
@@ -202,7 +198,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
 err = http_open_document (&hd, url, NULL,
 (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
 |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
- opt.http_proxy, NULL, NULL, NULL);
+ ctrl->http_proxy, NULL, NULL, NULL);
 switch ( err? 99999 : http_get_status_code (hd) )
 {
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 4c17c8c46..437c6ebdd 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
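Review bot: The proxy argument of `http_open_document` in the second crl_fetch hunk is now the per-connection `ctrl->http_proxy`, which the `http-proxy` option added in dirmngr/server.c lets a connected client replace, so CRL retrieval no longer necessarily uses the proxy from the configuration; dirmngr/ocsp.c gets the same substitution for OCSP requests. CRLs and OCSP responses are signed, but whoever operates the chosen proxy can still see which certificates are being checked and can delay or withhold the answers. If the override is meant for keyserver traffic only, as the subject line suggests, keep `opt.http_proxy` here and in ocsp.c; otherwise state the intent above the call, e.g. `/* CTRL->http_proxy may have been set by the client via OPTION http-proxy. */`. crl_fetch's body starts and ends outside the hunk.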
@@ -1277,6 +1277,7 @@ main (int argc, char **argv)
 for (; !rc && argc; argc--, argv++)
 rc = crl_cache_load (&ctrlbuf, *argv);
 }
+ dirmngr_deinit_default_ctrl (&ctrlbuf);
 }
 else if (cmd == aFetchCRL)
 {
@@ -1306,6 +1307,7 @@ main (int argc, char **argv)
 argv[0], gpg_strerror (rc));
 crl_close_reader (reader);
 }
+ dirmngr_deinit_default_ctrl (&ctrlbuf);
 }
 else if (cmd == aFlush)
 {
@@ -1465,9 +1467,18 @@ dirmngr_exit (int rc)
 void
 dirmngr_init_default_ctrl (ctrl_t ctrl)
 {
- (void)ctrl;
+ if (opt.http_proxy)
+ ctrl->http_proxy = xstrdup (opt.http_proxy);
+}
- /* Nothing for now. */
+
+
+void
+dirmngr_deinit_default_ctrl (ctrl_t ctrl)
+{
+ if (!ctrl)
+ return;
+ xfree (ctrl->http_proxy);
+ ctrl->http_proxy = NULL;
 }
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 56abc86d4..4f037e714 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -99,7 +99,7 @@ struct
 int disable_http; /* Do not use HTTP at all. */
 int disable_ldap; /* Do not use LDAP at all. */
 int honor_http_proxy; /* Honor the http_proxy env variable. */
- const char *http_proxy; /* Use given HTTP proxy. */
+ const char *http_proxy; /* The default HTTP proxy. */
 const char *ldap_proxy; /* Use given LDAP proxy. */
 int only_ldap_proxy; /* Only use the LDAP proxy; no fallback. */
 int ignore_http_dp; /* Ignore HTTP CRL distribution points. */
@@ -174,12 +174,14 @@ struct server_control_s
 response. */
 int audit_events; /* Send audit events to client. */
+ char *http_proxy; /* The used http_proxy or NULL. */
 };
 /*-- dirmngr.c --*/
 void dirmngr_exit( int ); /* Wrapper for exit() */
 void dirmngr_init_default_ctrl (ctrl_t ctrl);
+void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
 void dirmngr_sighup_action (void);
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index fcdd71ee6..a0104117d 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
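Review bot: `dirmngr_init_default_ctrl` in the third dirmngr.c hunk writes `ctrl->http_proxy` only when `opt.http_proxy` is set, so without a configured proxy the field keeps whatever the caller left in it, and `dirmngr_deinit_default_ctrl` later hands that value to `xfree`. That is safe only if every caller zeroes the control structure first, which these hunks do not show. Assigning on both paths removes the dependency: `ctrl->http_proxy = opt.http_proxy? xstrdup (opt.http_proxy) : NULL;`. The copy is also made with `xstrdup`, while the option handler in server.c uses `xtrystrdup` and returns an error; if aborting on allocation failure is intended here because the function returns void, a short comment should say so.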
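Review bot: The new `http_proxy` member of `server_control_s` in the second dirmngr.h hunk does not say who owns the string, although the other files in this commit allocate it in `dirmngr_init_default_ctrl` and the option handler and release it in `dirmngr_deinit_default_ctrl`. I would put that in the field comment, e.g. `char *http_proxy; /* Malloced proxy for this session or NULL; released by dirmngr_deinit_default_ctrl. */`. The new prototype would also benefit from a one-line comment stating that it has to be called before a ctrl object is freed or goes out of scope. The struct definition starts outside the hunk.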
@@ -965,8 +965,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
 request,
 httphost,
 /* fixme: AUTH */ NULL,
- httpflags,
- /* fixme: proxy*/ NULL,
+ (httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)),
+ ctrl->http_proxy,
 session,
 NULL,
 /*FIXME curl->srvtag*/NULL);
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index e4c2b788b..13e51c69e 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -77,8 +77,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
 url,
 /* httphost */ NULL,
 /* fixme: AUTH */ NULL,
- 0,
- /* fixme: proxy*/ NULL,
+ (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
+ ctrl->http_proxy,
 session,
 NULL,
 /*FIXME curl->srvtag*/NULL);
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index f8c437d1d..8971b9ffa 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -166,7 +166,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
 once_more:
 err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
 (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
- opt.http_proxy, NULL, NULL, NULL);
+ ctrl->http_proxy, NULL, NULL, NULL);
 if (err)
 {
 log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err));
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 3e6d99d18..c0f63ac7d 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -582,6 +582,7 @@ static gpg_error_t
 option_handler (assuan_context_t ctx, const char *key, const char *value)
 {
 ctrl_t ctrl = assuan_get_pointer (ctx);
+ gpg_error_t err = 0;
 if (!strcmp (key, "force-crl-refresh"))
 {
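Review bot: The expression `(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)` in the `send_request` call is now written out at four call sites (here, ks-engine-http.c, crlfetch.c and ocsp.c), each paired with `ctrl->http_proxy`. A later change to the proxy policy has to be repeated in all four, and a missed site would keep connecting under the old rule without any visible error. A single helper next to the option definitions would keep them in step, for example `static inline unsigned int proxy_http_flags (void) { return opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; }` (the name is only a suggestion). The call being patched starts outside the hunk.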
@@ -593,12 +594,21 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
 int i = *value? atoi (value) : 0;
 ctrl->audit_events = i;
 }
+ else if (!strcmp (key, "http-proxy"))
+ {
+ xfree (ctrl->http_proxy);
+ if (!*value || !strcmp (value, "none"))
+ ctrl->http_proxy = NULL;
+ else if (!(ctrl->http_proxy = xtrystrdup (value)))
+ err = gpg_error_from_syserror ();
+ }
 else
- return gpg_error (GPG_ERR_UNKNOWN_OPTION);
+ err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
- return 0;
+ return err;
 }
+
+
 static const char hlp_ldapserver[] =
 "LDAPSERVER \n"
 "\n"
@@ -1633,7 +1643,7 @@ static const char hlp_ks_get[] =
 "\n"
 "Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
 "(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n"
- "or an exact name indicastes by the '=' prefix.";
+ "or an exact name indicated by the '=' prefix.";
 static gpg_error_t
 cmd_ks_get (assuan_context_t ctx, char *line)
 {
@@ -2096,6 +2106,7 @@ start_command_handler (assuan_fd_t fd)
 {
 release_ctrl_ocsp_certs (ctrl);
 xfree (ctrl->server_local);
+ dirmngr_deinit_default_ctrl (ctrl);
 xfree (ctrl);
 }
 }
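Review bot: The `http-proxy` branch of `option_handler` stores whatever string the client sends without checking that it is a usable proxy URL, so a malformed value is accepted here and only shows up later as a failure of the first CRL, OCSP or keyserver request. Rejecting it at this point with an error would tie the failure to the command that caused it; the check belongs before the `xtrystrdup` call. The reset path also deserves a comment: an empty value or `none` sets the field to NULL rather than back to the configured default copied in by `dirmngr_init_default_ctrl`, and since the callers still pass `HTTP_FLAG_TRY_PROXY` when `opt.honor_http_proxy` is set, `none` presumably does not guarantee a direct connection. Something like `/* "none" or an empty value drops the explicit proxy for this session; the http_proxy environment variable may still apply. */` would make that visible.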