1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

* gpgkeys_ldap.c (main): Don't try and error out before making a ldaps

connection to the NAI keyserver since we cannot tell if it is a NAI
keyserver until we connect.  Fail if we cannot find a base keyspace DN.
Fix a false success message for TLS being enabled.
This commit is contained in:
David Shaw 2004-07-28 02:36:45 +00:00
parent 25ac11084b
commit a32297863b
2 changed files with 27 additions and 28 deletions

View File

@ -1,3 +1,11 @@
2004-07-27 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c (main): Don't try and error out before making a
ldaps connection to the NAI keyserver since we cannot tell if it
is a NAI keyserver until we connect. Fail if we cannot find a
base keyspace DN. Fix a false success message for TLS being
enabled.
2004-07-20 Werner Koch <wk@gnupg.org>
* gpgkeys_ldap.c [_WIN32]: Include Windows specific header files.

View File

@ -1699,38 +1699,28 @@ main(int argc,char *argv[])
if(use_ssl)
{
if(!real_ldap)
{
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
"not supported by the NAI LDAP keyserver");
fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
goto fail;
}
else
{
#if defined(LDAP_OPT_X_TLS_HARD) && defined(HAVE_LDAP_SET_OPTION)
int ssl=LDAP_OPT_X_TLS_HARD;
err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
if(err!=LDAP_SUCCESS)
{
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
ldap_err2string(err));
fail_all(keylist,action,ldap_err_to_gpg_err(err));
goto fail;
}
#else
int ssl=LDAP_OPT_X_TLS_HARD;
err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
if(err!=LDAP_SUCCESS)
{
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
"not built with LDAPS support");
fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
ldap_err2string(err));
fail_all(keylist,action,ldap_err_to_gpg_err(err));
goto fail;
#endif
}
#else
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
"not built with LDAPS support");
fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
goto fail;
#endif
}
if((err=find_basekeyspacedn()))
if((err=find_basekeyspacedn()) || !basekeyspacedn)
{
fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
ldap_err2string(err));
err?ldap_err2string(err):"not found");
fail_all(keylist,action,ldap_err_to_gpg_err(err));
goto fail;
}
@ -1761,10 +1751,11 @@ main(int argc,char *argv[])
if(err==LDAP_SUCCESS)
err=ldap_start_tls_s(ldap,NULL,NULL);
if(err!=LDAP_SUCCESS && use_tls>=2)
if(err!=LDAP_SUCCESS)
{
fprintf(console,"gpgkeys: unable to start TLS: %s\n",
ldap_err2string(err));
if(use_tls==2 || verbose>2)
fprintf(console,"gpgkeys: unable to start TLS: %s\n",
ldap_err2string(err));
/* Are we forcing it? */
if(use_tls==3)
{
@ -1772,7 +1763,7 @@ main(int argc,char *argv[])
goto fail;
}
}
else if(verbose>1)
else if(err==LDAP_SUCCESS && verbose>1)
fprintf(console,"gpgkeys: TLS started successfully.\n");
#else
if(use_tls>=2)