* gpgkeys_ldap.c (main): Don't try and error out before making a ldaps

connection to the NAI keyserver since we cannot tell if it is a NAI keyserver until we connect. Fail if we cannot find a base keyspace DN. Fix a false success message for TLS being enabled.
2004-07-28 02:36:45 +00:00 · 2004-07-28 02:36:45 +00:00 · a32297863b
parent 25ac11084b
commit a32297863b
2 changed files with 27 additions and 28 deletions
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@ -1,3 +1,11 @@
+2004-07-27  David Shaw  <dshaw@jabberwocky.com>
+
+	* gpgkeys_ldap.c (main): Don't try and error out before making a
+	ldaps connection to the NAI keyserver since we cannot tell if it
+	is a NAI keyserver until we connect.  Fail if we cannot find a
+	base keyspace DN.  Fix a false success message for TLS being
+	enabled.
+
 2004-07-20  Werner Koch  <wk@gnupg.org>

 	* gpgkeys_ldap.c [_WIN32]: Include Windows specific header files.
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@ -1699,38 +1699,28 @@ main(int argc,char *argv[])

  if(use_ssl)
    {
-      if(!real_ldap)
-      	{
-      	  fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
-      		  "not supported by the NAI LDAP keyserver");
-      	  fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
-      	  goto fail;
-      	}
-      else
-      	{
 #if defined(LDAP_OPT_X_TLS_HARD) && defined(HAVE_LDAP_SET_OPTION)
-	  int ssl=LDAP_OPT_X_TLS_HARD;
-	  err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
-	  if(err!=LDAP_SUCCESS)
-	    {
-	      fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
-		      ldap_err2string(err));
-	      fail_all(keylist,action,ldap_err_to_gpg_err(err));
-	      goto fail;
-	    }
-#else
+      int ssl=LDAP_OPT_X_TLS_HARD;
+      err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
+      if(err!=LDAP_SUCCESS)
+	{
 	  fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
-		  "not built with LDAPS support");
-	  fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+		  ldap_err2string(err));
+	  fail_all(keylist,action,ldap_err_to_gpg_err(err));
 	  goto fail;
-#endif
 	}
+#else
+      fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
+	      "not built with LDAPS support");
+      fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+      goto fail;
+#endif
    }

-  if((err=find_basekeyspacedn()))
+  if((err=find_basekeyspacedn()) || !basekeyspacedn)
    {
      fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
-	      ldap_err2string(err));
+	      err?ldap_err2string(err):"not found");
      fail_all(keylist,action,ldap_err_to_gpg_err(err));
      goto fail;
    }
@ -1761,10 +1751,11 @@ main(int argc,char *argv[])
 	  if(err==LDAP_SUCCESS)
 	    err=ldap_start_tls_s(ldap,NULL,NULL);

-	  if(err!=LDAP_SUCCESS && use_tls>=2)
+	  if(err!=LDAP_SUCCESS)
 	    {
-	      fprintf(console,"gpgkeys: unable to start TLS: %s\n",
-		      ldap_err2string(err));
+	      if(use_tls==2 || verbose>2)
+		fprintf(console,"gpgkeys: unable to start TLS: %s\n",
+			ldap_err2string(err));
 	      /* Are we forcing it? */
 	      if(use_tls==3)
 		{
@ -1772,7 +1763,7 @@ main(int argc,char *argv[])
 		  goto fail;
 		}
 	    }
-	  else if(verbose>1)
+	  else if(err==LDAP_SUCCESS && verbose>1)
 	    fprintf(console,"gpgkeys: TLS started successfully.\n");
 #else
 	  if(use_tls>=2)