hkps: Fix host name verification when using pools.
* common/http.c (send_request): Set the requested server name for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname, taken before selecting a host.
--
GnuPG-bug-id: 1792
Thanks to davidw for figuring out the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
parent
28bb3ab686
commit
dc10d466bf
@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
|
|||||||
}
|
}
|
||||||
|
|
||||||
# if HTTP_USE_NTBTLS
|
# if HTTP_USE_NTBTLS
|
||||||
err = ntbtls_set_hostname (hd->session->tls_session, server);
|
err = ntbtls_set_hostname (hd->session->tls_session,
|
||||||
|
hd->session->servername);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
|
log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
|
||||||
@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
|
|||||||
# elif HTTP_USE_GNUTLS
|
# elif HTTP_USE_GNUTLS
|
||||||
rc = gnutls_server_name_set (hd->session->tls_session,
|
rc = gnutls_server_name_set (hd->session->tls_session,
|
||||||
GNUTLS_NAME_DNS,
|
GNUTLS_NAME_DNS,
|
||||||
server, strlen (server));
|
hd->session->servername
|
||||||
|
strlen (hd->session->servername));
|
||||||
if (rc < 0)
|
if (rc < 0)
|
||||||
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
|
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
|
||||||
# endif /*HTTP_USE_GNUTLS*/
|
# endif /*HTTP_USE_GNUTLS*/
|
||||||
|
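Review bot: Both TLS branches of send_request now read `hd->session->servername` with no visible check, and in the GnuTLS branch `strlen (hd->session->servername)` is undefined behaviour if that field is still NULL. The code that assigns servername lies outside these hunks, so this may already be guaranteed; if it is not, the block should fail the request before reaching either call when the field is NULL. A short comment above the `# if HTTP_USE_NTBTLS` line would record the intent, for example `/* SNI must carry the name the certificate is verified against (the pool name for pools), not the resolved host. */`. The GnuTLS branch also only logs a failing `gnutls_server_name_set` and carries on, which is acceptable only if the later certificate check fails closed when no SNI was sent.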
@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
|
|||||||
hi = hosttable[idx];
|
hi = hosttable[idx];
|
||||||
if (hi->pool)
|
if (hi->pool)
|
||||||
{
|
{
|
||||||
|
/* Deal with the pool name before selecting a host. */
|
||||||
|
if (r_poolname && hi->cname)
|
||||||
|
{
|
||||||
|
*r_poolname = xtrystrdup (hi->cname);
|
||||||
|
if (!*r_poolname)
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
}
|
||||||
|
|
||||||
/* If the currently selected host is now marked dead, force a
|
/* If the currently selected host is now marked dead, force a
|
||||||
re-selection . */
|
re-selection . */
|
||||||
if (force_reselect)
|
if (force_reselect)
|
||||||
@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
|
|||||||
if (hi->poolidx == -1)
|
if (hi->poolidx == -1)
|
||||||
{
|
{
|
||||||
log_error ("no alive host found in pool '%s'\n", name);
|
log_error ("no alive host found in pool '%s'\n", name);
|
||||||
|
if (r_poolname)
|
||||||
|
{
|
||||||
|
xfree (*r_poolname);
|
||||||
|
*r_poolname = NULL;
|
||||||
|
}
|
||||||
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
|
|||||||
if (hi->dead)
|
if (hi->dead)
|
||||||
{
|
{
|
||||||
log_error ("host '%s' marked as dead\n", hi->name);
|
log_error ("host '%s' marked as dead\n", hi->name);
|
||||||
|
if (r_poolname)
|
||||||
|
{
|
||||||
|
xfree (*r_poolname);
|
||||||
|
*r_poolname = NULL;
|
||||||
|
}
|
||||||
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
|
|||||||
*r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
|
*r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (r_poolname && hi->pool && hi->cname)
|
|
||||||
{
|
|
||||||
*r_poolname = xtrystrdup (hi->cname);
|
|
||||||
if (!*r_poolname)
|
|
||||||
return gpg_error_from_syserror ();
|
|
||||||
}
|
|
||||||
|
|
||||||
*r_host = xtrystrdup (hi->name);
|
*r_host = xtrystrdup (hi->name);
|
||||||
if (!*r_host)
|
if (!*r_host)
|
||||||
{
|
{
|
||||||
|
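Review bot: The new error paths call `xfree (*r_poolname)` whenever r_poolname is non-NULL, but the `hi->dead` path in the -548 hunk appears to be reachable for a non-pool host too, where nothing in these hunks has assigned `*r_poolname`. That is only safe if map_host clears the output on entry, which is outside the visible hunks; if it does not, add `if (r_poolname) *r_poolname = NULL;` before the host table lookup so the free never sees a caller's uninitialised pointer. The allocation-failure branch after `*r_host = xtrystrdup (hi->name);` continues past the last hunk and should release `*r_poolname` in the same way. The comment on the early copy could also say why the order matters, e.g. `/* Take the pool name now: HI is replaced by the selected host below, and the pool name is what the TLS layer has to verify. */` (the second half is inferred from the commit title).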