dirmngr: Add option--user-agent and always use a User-Agent header.

* dirmngr/dirmngr.h (opt): Add user_agent. * dirmngr/dirmngr.c (oUserAgent): New. (opts): Add "user-agent". (parse_rereadable_options): Set option. * dirmngr/ks-engine-hkp.c (send_request): Send User-Agent. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ocsp.c (do_ocsp_request): Ditto. -- Note that the http_open_document function is not used by dirmngr. If it ever gets used we may want to add a way to configure the http.c module with a user-agent string, so that it is send by the send_request function and we do not need to explictly do that in the caller. GnuPG-bug-id: 7715
2025-07-14 21:47:19 +02:00 · 2025-07-08 09:56:37 +02:00 · 2025-07-08 09:56:37 +02:00 · a0f7cde9da
commit a0f7cde9da
parent 6ec40bee2d
7 changed files with 29 additions and 0 deletions
--- a/2
+++ b/2
@ -7,6 +7,8 @@ Noteworthy changes in version 2.5.9 (unreleased)
  * gpg: Do not show the non-standard secp256k1 curve in the menu to
    select the curve.  It can however be specified using its name.

+  * dirmngr: New option --user-agent and send a default User-Agent of
+    "GnuPG/2.6" for all HTTP requests.  [T7715]

  Release-info: https://dev.gnupg.org/T7695

--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@ -161,6 +161,7 @@ enum cmd_and_opt_values {
  oListenBacklog,
  oFakeCRL,
  oCompatibilityFlags,
+  oUserAgent,
  aTest
 };

@ -251,6 +252,7 @@ static gpgrt_opt_t opts[] = {
                N_("|URL|redirect all HTTP requests to URL")),
  ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy",
                N_("use system's HTTP proxy setting")),
+  ARGPARSE_s_s (oUserAgent, "user-agent", "@"),
  ARGPARSE_s_s (oLDAPWrapperProgram, "ldap-wrapper-program", "@"),

  ARGPARSE_header ("Keyserver", N_("Configuration for OpenPGP servers")),
@ -695,6 +697,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
      opt.ocsp_max_period = 90 * 86400;       /* 90 days.  */
      opt.ocsp_current_period = 3 * 60 * 60;  /* 3 hours. */
      opt.max_replies = DEFAULT_MAX_REPLIES;
+      opt.user_agent = "GnuPG/2.6";
      while (opt.ocsp_signer)
        {
          fingerprint_list_t tmp = opt.ocsp_signer->next;
@ -906,6 +909,15 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
        }
      break;

+    case oUserAgent:
+      if (strpbrk (pargs->r.ret_str, "\r\n"))
+        ; /* Ignore if the caller tried to insert CR or LF.  */
+      else if (!strcmp (pargs->r.ret_str, "none"))
+        opt.user_agent = "";
+      else
+        opt.user_agent = pargs->r.ret_str;
+      break;
+
    default:
      return 0; /* Not handled. */
    }
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@ -160,6 +160,8 @@ struct

  strlist_t keyserver;              /* List of default keyservers.  */

+  const char *user_agent;           /* The HTTP Use-Agent (never NULL).  */
+
  /* Compatibility flags (COMPAT_FLAG_xxxx).  */
  unsigned int compat_flags;
 } opt;
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@ -1278,6 +1278,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
         we're good with both HTTP 1.0 and 1.1.  */
      es_fputs ("Pragma: no-cache\r\n"
                "Cache-Control: no-cache\r\n", fp);
+      if (*opt.user_agent)
+        es_fprintf (fp, "User-Agent: %s\r\n", opt.user_agent);
      if (post_cb)
        err = post_cb (post_cb_value, http);
      if (!err)
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@ -130,6 +130,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
      if ((flags & KS_HTTP_FETCH_NOCACHE))
        es_fputs ("Pragma: no-cache\r\n"
                  "Cache-Control: no-cache\r\n", fp);
+      if (*opt.user_agent)
+        es_fprintf (fp, "User-Agent: %s\r\n", opt.user_agent);
      http_start_data (http);
      if (es_ferror (fp))
        err = gpg_error_from_syserror ();
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@ -197,6 +197,9 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp,
      return err;
    }

+  if (*opt.user_agent)
+    es_fprintf (http_get_write_ptr (http),
+                "User-Agent: %s\r\n", opt.user_agent);
  es_fprintf (http_get_write_ptr (http),
 	      "Content-Type: application/ocsp-request\r\n"
 	      "Content-Length: %lu\r\n",
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@ -429,6 +429,12 @@ ignoring DPs entirely.
 Ignore all OCSP URLs contained in the certificate.  The effect is to
 force the use of the default responder.

+@item --user-agent @var{string}
+@opindex user-agent
+Change the default User-Agent for HTTP requests to @var{string}.  If
+@var{string} is empty or has the value ``none'' no User-Agent header
+will be used.
+
@item --honor-http-proxy
@opindex honor-http-proxy
 If the environment variable @env{http_proxy} has been set, use its