mirror of git://git.gnupg.org/gnupg.git synced 2025-07-14 21:47:19 +02:00

dirmngr: Add option--user-agent and always use a User-Agent header.

* dirmngr/dirmngr.h (opt): Add user_agent.
* dirmngr/dirmngr.c (oUserAgent): New.
(opts): Add "user-agent".
(parse_rereadable_options): Set option.
* dirmngr/ks-engine-hkp.c (send_request): Send User-Agent.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--

Note that the http_open_document function is not used by dirmngr.  If
it ever gets used we may want to add a way to configure the http.c
module with a user-agent string, so that it is sent by the
send_request function and we do not need to explicitly do that in the
caller.

GnuPG-bug-id: 7715
Werner Koch 2025-07-08 09:56:37 +02:00
parent 6ec40bee2d
commit a0f7cde9da
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
7 changed files with 29 additions and 0 deletions

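--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ Noteworthy changes in version 2.5.9 (unreleased)
 * gpg: Do not show the non-standard secp256k1 curve in the menu to
 select the curve. It can however be specified using its name.
+* dirmngr: New option --user-agent and send a default User-Agent of
+"GnuPG/2.6" for all HTTP requests. [T7715]
 Release-info: https://dev.gnupg.org/T7695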

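--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -161,6 +161,7 @@ enum cmd_and_opt_values {
 oListenBacklog,
 oFakeCRL,
 oCompatibilityFlags,
+oUserAgent,
 aTest
 };
@@ -251,6 +252,7 @@ static gpgrt_opt_t opts[] = {
 N_("|URL|redirect all HTTP requests to URL")),
 ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy",
 N_("use system's HTTP proxy setting")),
+ARGPARSE_s_s (oUserAgent, "user-agent", "@"),
 ARGPARSE_s_s (oLDAPWrapperProgram, "ldap-wrapper-program", "@"),
 ARGPARSE_header ("Keyserver", N_("Configuration for OpenPGP servers")),
@@ -695,6 +697,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 opt.ocsp_max_period = 90 * 86400; /* 90 days. */
 opt.ocsp_current_period = 3 * 60 * 60; /* 3 hours. */
 opt.max_replies = DEFAULT_MAX_REPLIES;
+opt.user_agent = "GnuPG/2.6";
 while (opt.ocsp_signer)
 {
 fingerprint_list_t tmp = opt.ocsp_signer->next;
@@ -906,6 +909,15 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 }
 break;
+case oUserAgent:
+if (strpbrk (pargs->r.ret_str, "\r\n"))
+; /* Ignore if the caller tried to insert CR or LF. */
+else if (!strcmp (pargs->r.ret_str, "none"))
+opt.user_agent = "";
+else
+opt.user_agent = pargs->r.ret_str;
+break;
 default:
 return 0; /* Not handled. */
 }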
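Review bot: In the `case oUserAgent:` branch a value containing CR or LF is dropped without any diagnostic, so dirmngr keeps whatever `opt.user_agent` held before (the `"GnuPG/2.6"` default assigned earlier in this function, or a previous --user-agent value) and the operator who asked for a different string gets no hint that the setting was rejected. Rejecting CR/LF is the right guard against header injection into the `"User-Agent: %s\r\n"` writes added by this commit, but the rejection should be reported, for example `log_error ("option --user-agent: CR or LF not allowed - ignored\n");` in place of the empty statement. The accepted branch stores `pargs->r.ret_str` without copying it; that may well match how other string options in this file are kept, but the string's lifetime across a re-read is not visible here and is worth confirming. parse_rereadable_options starts and ends outside these hunks.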

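--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -160,6 +160,8 @@ struct
 strlist_t keyserver; /* List of default keyservers. */
+const char *user_agent; /* The HTTP Use-Agent (never NULL). */
 /* Compatibility flags (COMPAT_FLAG_xxxx). */
 unsigned int compat_flags;
 } opt;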
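Review bot: The comment on the new member reads `Use-Agent`; it should be `User-Agent`. Because the empty string is how the header is suppressed (the option parser maps "none" to `""`), the comment could record that as well: `const char *user_agent; /* The HTTP User-Agent; "" means send none (never NULL). */`. The struct definition begins outside the hunk.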

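--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1278,6 +1278,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
 we're good with both HTTP 1.0 and 1.1. */
 es_fputs ("Pragma: no-cache\r\n"
 "Cache-Control: no-cache\r\n", fp);
+if (*opt.user_agent)
+es_fprintf (fp, "User-Agent: %s\r\n", opt.user_agent);
 if (post_cb)
 err = post_cb (post_cb_value, http);
 if (!err)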
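Review bot: `if (*opt.user_agent)` dereferences the pointer with no NULL test, here in send_request and in the identical additions to ks_http_fetch and do_ocsp_request, so all three depend on the "never NULL" promise in dirmngr.h being kept by parse_rereadable_options. That holds only if the default assignment has run before any request is built, which cannot be confirmed from this page; `if (opt.user_agent && *opt.user_agent)` costs nothing and removes the dependency. The value is written into the request unescaped, so the CR/LF rejection in the option parser is the only thing keeping it to a single header line; a comment above the write such as `/* opt.user_agent is CR/LF-free, see parse_rereadable_options. */` would record that for the next person who adds a setter. send_request starts and ends outside the hunk.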

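--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -130,6 +130,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
 if ((flags & KS_HTTP_FETCH_NOCACHE))
 es_fputs ("Pragma: no-cache\r\n"
 "Cache-Control: no-cache\r\n", fp);
+if (*opt.user_agent)
+es_fprintf (fp, "User-Agent: %s\r\n", opt.user_agent);
 http_start_data (http);
 if (es_ferror (fp))
 err = gpg_error_from_syserror ();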

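--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -197,6 +197,9 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp,
 return err;
 }
+if (*opt.user_agent)
+es_fprintf (http_get_write_ptr (http),
+"User-Agent: %s\r\n", opt.user_agent);
 es_fprintf (http_get_write_ptr (http),
 "Content-Type: application/ocsp-request\r\n"
 "Content-Length: %lu\r\n",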


@ -429,6 +429,12 @@ ignoring DPs entirely.
Ignore all OCSP URLs contained in the certificate. The effect is to Ignore all OCSP URLs contained in the certificate. The effect is to
force the use of the default responder. force the use of the default responder.
@item --user-agent @var{string}
@opindex user-agent
Change the default User-Agent for HTTP requests to @var{string}. If
@var{string} is empty or has the value ``none'' no User-Agent header
will be used.
@item --honor-http-proxy @item --honor-http-proxy
@opindex honor-http-proxy @opindex honor-http-proxy
If the environment variable @env{http_proxy} has been set, use its If the environment variable @env{http_proxy} has been set, use its