diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog
index 1911b7e3c..e364daf31 100644
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@@ -1,3 +1,11 @@
+2004-07-27 David Shaw
+
+ * gpgkeys_ldap.c (main): Don't try and error out before making a
+ ldaps connection to the NAI keyserver since we cannot tell if it
+ is a NAI keyserver until we connect. Fail if we cannot find a
+ base keyspace DN. Fix a false success message for TLS being
+ enabled.
+
 2004-07-20 Werner Koch
 * gpgkeys_ldap.c [_WIN32]: Include Windows specific header files.
diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c
index a1c50f28c..9db0026c8 100644
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@@ -1699,38 +1699,28 @@ main(int argc,char *argv[])
 if(use_ssl)
 {
- if(!real_ldap)
- {
- fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
- "not supported by the NAI LDAP keyserver");
- fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
- goto fail;
- }
- else
- {
 #if defined(LDAP_OPT_X_TLS_HARD) && defined(HAVE_LDAP_SET_OPTION)
- int ssl=LDAP_OPT_X_TLS_HARD;
- err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
- ldap_err2string(err));
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
- goto fail;
- }
-#else
+ int ssl=LDAP_OPT_X_TLS_HARD;
+ err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
+ if(err!=LDAP_SUCCESS)
+ {
 fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
- "not built with LDAPS support");
- fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+ ldap_err2string(err));
+ fail_all(keylist,action,ldap_err_to_gpg_err(err));
 goto fail;
-#endif
 }
+#else
+ fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
+ "not built with LDAPS support");
+ fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+ goto fail;
+#endif
 }
- if((err=find_basekeyspacedn()))
+ if((err=find_basekeyspacedn()) || !basekeyspacedn)
 {
 fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
- ldap_err2string(err));
+ err?ldap_err2string(err):"not found");
 fail_all(keylist,action,ldap_err_to_gpg_err(err));
 goto fail;
 }
@@ -1761,10 +1751,11 @@ main(int argc,char *argv[])
 if(err==LDAP_SUCCESS)
 err=ldap_start_tls_s(ldap,NULL,NULL);
- if(err!=LDAP_SUCCESS && use_tls>=2)
+ if(err!=LDAP_SUCCESS)
 {
- fprintf(console,"gpgkeys: unable to start TLS: %s\n",
- ldap_err2string(err));
+ if(use_tls==2 || verbose>2)
+ fprintf(console,"gpgkeys: unable to start TLS: %s\n",
+ ldap_err2string(err));
 /* Are we forcing it? */
 if(use_tls==3)
 {
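Review bot: In the new `if((err=find_basekeyspacedn()) || !basekeyspacedn)` check, the branch taken when the call returns 0 but `basekeyspacedn` is NULL still hands `fail_all()` the value `ldap_err_to_gpg_err(err)` with `err` equal to LDAP_SUCCESS, so the status reported upstream depends on how that helper maps success, which is probably not an error code. The message already distinguishes the case with `err?ldap_err2string(err):"not found"`; the status should follow suit, e.g. `fail_all(keylist,action,err?ldap_err_to_gpg_err(err):KEYSERVER_INTERNAL_ERROR);`. Otherwise a keyserver with no discoverable base DN may be reported as a non-failure while every key operation was in fact abandoned. main()'s body starts and ends outside the hunk.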
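Review bot: The new `if(use_tls==2 || verbose>2)` guard means that when TLS is required (`use_tls==3`) and `ldap_start_tls_s()` fails, the LDAP error is no longer written to `console` unless `verbose>2`, even though the `if(use_tls==3)` branch immediately below goes on to abort (its `goto fail;` is in the next hunk). The single line between the two hunks is not shown, so I cannot confirm whether it prints its own diagnostic; if it does not, the forced-TLS case, the one where the operator most needs to know why the connection was refused, fails silently at default verbosity. Consider `if(use_tls>=2 || verbose>2)` so that both the try and require modes log the ldap_err2string() reason. This code sits inside a conditional-compilation branch whose `#if` is outside the hunk.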
@@ -1772,7 +1763,7 @@ main(int argc,char *argv[])
 goto fail;
 }
 }
- else if(verbose>1)
+ else if(err==LDAP_SUCCESS && verbose>1)
 fprintf(console,"gpgkeys: TLS started successfully.\n");
 #else
 if(use_tls>=2)
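Review bot: The added `err==LDAP_SUCCESS &&` in the `else if` is redundant as far as the visible structure shows: the two closing braces above it end the `if(use_tls==3)` and `if(err!=LDAP_SUCCESS)` blocks from the preceding hunk, so this `else` is only reached when `err` is LDAP_SUCCESS. It is harmless, but a reader may take the repeated test as a hint that `err` can change in between, which nothing in the hunk suggests. `else if(verbose>1)` plus a one-line comment such as `/* err==LDAP_SUCCESS here: every failure was handled by the if above */` would state the intent more clearly than re-testing it. The enclosing `#if` branch and main() extend beyond the hunk.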