1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Report a conflict between honor-keyserver-url and TOR.

* g10/call-dirmngr.c (create_context): Send option and print a verbose
error.
--

It is in general a bad idea to use honor-keyserver-url but if Dirmngr
is running in TOR mode we should not allow this option at all.  We let
Dirmngr know about the use of this option and let Dirmngr tell use
whether TOR mode is active so that we can print a hint to disable that
keyserver option.

A future extension in gpgconf may disable that option directly but a
user may still override that and thus we better check.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-09-18 16:07:39 +02:00
parent b4bc1c8b10
commit d5a3142b8f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -176,6 +176,22 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
xfree (line);
}
}
if (err)
;
else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL))
{
/* Tell the dirmngr that this possibly privacy invading
option is in use. If Dirmngr is running in TOR mode, it
will return an error. */
err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
NULL, NULL, NULL, NULL, NULL, NULL);
if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
log_error (_("keyserver option \"honor-keyserver-url\""
" may not be used in TOR mode\n"));
else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
err = 0; /* Old dirmngr versions do not support this option. */
}
}
if (err)