From de6d8313f6df32aaa151bee74e1db269ac1e0fed Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 2 Mar 2017 17:58:00 +0100
Subject: [PATCH] dirmngr: Let --gpgconf-list return the default keyserver.
* dirmngr/misc.c (get_default_keyserver): New.
* dirmngr/http.c: Include misc.h
(http_session_new): Use get_default_keyserver instead of hardwired "hkps.pool.sks-keyservers.net".
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/dirmngr.c (main) : Return default keyserver.
Signed-off-by: Werner Koch
---
 dirmngr/dirmngr.c | 8 +++++++-
 dirmngr/http-ntbtls.c | 6 +++---
 dirmngr/http.c | 3 ++-
 dirmngr/misc.c | 23 +++++++++++++++++++++++
 dirmngr/misc.h | 2 ++
 5 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index c877a9b7d..75e852338 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1454,7 +1454,13 @@ main (int argc, char **argv)
 es_printf ("ignore-ocsp-servic-url:%lu:\n", flags | GC_OPT_FLAG_NONE);
 es_printf ("use-tor:%lu:\n", flags | GC_OPT_FLAG_NONE);
- es_printf ("keyserver:%lu:\n", flags | GC_OPT_FLAG_NONE);
+
+ filename_esc = percent_escape (get_default_keyserver (0), NULL);
+ es_printf ("keyserver:%lu:\"%s:\n", flags | GC_OPT_FLAG_DEFAULT,
+ filename_esc);
+ xfree (filename_esc);
+
+ es_printf ("nameserver:%lu:\n", flags | GC_OPT_FLAG_NONE);
 es_printf ("resolver-timeout:%lu:%u\n", flags | GC_OPT_FLAG_DEFAULT, 0);
diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c
index 00d6a58bf..d44b77930 100644
--- a/dirmngr/http-ntbtls.c
+++ b/dirmngr/http-ntbtls.c
@@ -26,12 +26,12 @@
 #include "dirmngr.h"
 #include "certcache.h"
 #include "validate.h"
+#include "misc.h"
 #ifdef HTTP_USE_NTBTLS
 # include
-
 /* The callback used to verify the peer's certificate. */
 gpg_error_t gnupg_http_tls_verify_cb (void *opaque,
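Review bot: The result of `percent_escape (get_default_keyserver (0), NULL)` is passed to `es_printf` through `%s` without a NULL check; if `percent_escape` can fail on allocation (it is the one allocating call in this hunk), the `keyserver:` entry is formatted from a null pointer, which at best emits an unusable line for gpgconf and at worst crashes the listing. Guard it before the `es_printf`, e.g. `if (!filename_esc) log_fatal ("out of core\n");`, or skip the entry on failure, matching however the other escaped entries in this function (outside the hunk) are handled. Reusing `filename_esc` to hold a keyserver string also reads oddly; a neutrally named local would make the intent clearer. `main` starts and ends outside the hunk.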
@@ -77,11 +77,11 @@ gnupg_http_tls_verify_cb (void *opaque,
 validate_flags = VALIDATE_FLAG_TLS;
- /* Are we using the standard hkps:// pool use the dedicated
+ /* If we are using the standard hkps:// pool use the dedicated
 * root certificate. */
 hostname = ntbtls_get_hostname (tls);
 if (hostname
- && !ascii_strcasecmp (hostname, "hkps.pool.sks-keyservers.net"))
+ && !ascii_strcasecmp (hostname, get_default_keyserver (1)))
 {
 validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL;
 }
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 890f5f6a2..fc8292455 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -100,6 +100,7 @@
 #include "i18n.h"
 #include "dns-stuff.h"
 #include "http.h"
+#include "misc.h"
 #ifdef USE_NPTH
@@ -726,7 +727,7 @@ http_session_new (http_session_t *r_session,
 is_hkps_pool = (intended_hostname && !ascii_strcasecmp (intended_hostname,
- "hkps.pool.sks-keyservers.net"));
+ get_default_keyserver (1)));
 /* If the user has not specified a CA list, and they are looking
 * for the hkps pool from sks-keyservers.net, then default to
diff --git a/dirmngr/misc.c b/dirmngr/misc.c
index 6d7c963db..d2f1c69a6 100644
--- a/dirmngr/misc.c
+++ b/dirmngr/misc.c
@@ -30,6 +30,29 @@
 #include "util.h"
 #include "misc.h"
+/* Return a static string with the default keyserver. If NAME_ONLY is
+ * given only the name part is returned. */
+const char *
+get_default_keyserver (int name_only)
+{
+ static const char *result;
+
+ if (!name_only)
+ return DIRMNGR_DEFAULT_KEYSERVER;
+
+ if (!result)
+ {
+ /* Strip the scheme from the constant. */
+ result = strstr (DIRMNGR_DEFAULT_KEYSERVER, "://");
+ log_assert (result && strlen (result) > 3);
+ result += 3;
+ /* Assert that there is no port given. */
+ log_assert (strchr (result, ':'));
+ }
+ return result;
+}
+
+
 /* Convert the hex encoded STRING back into binary and store the result into the provided buffer RESULT. The actual size of that
diff --git a/dirmngr/misc.h b/dirmngr/misc.h
index be4049e88..f25574f38 100644
--- a/dirmngr/misc.h
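Review bot: Replacing the literal pool name with `get_default_keyserver (1)` changes what `VALIDATE_FLAG_TRUST_HKPSPOOL` is keyed on: the dedicated pool root certificate is now trusted for whatever host the build's `DIRMNGR_DEFAULT_KEYSERVER` names, and is no longer applied to `hkps.pool.sks-keyservers.net` itself if the default is built as some other server. The rewritten comment still says "the standard hkps:// pool", so the flag should stay tied to the pool name — keep the literal here, or have the helper yield the pool name only when the default actually is that pool — rather than to a configurable default. The same coupling appears in the `is_hkps_pool` assignment in the http.c hunk, whose own comment speaks of "the hkps pool from sks-keyservers.net". `gnupg_http_tls_verify_cb` starts and ends outside the hunk.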
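Review bot: The second assertion in `get_default_keyserver` is inverted: `log_assert (strchr (result, ':'))` aborts when the name contains no colon, which is exactly the "no port given" condition the comment above it describes, so for a plain scheme://host default the first `name_only` call fails and every caller (the TLS verify callback and `http_session_new`) takes dirmngr down. It should read `log_assert (!strchr (result, ':'));`. The stripped name is cached in a function-level `static` on first use; that is fine for a compile-time constant, but a one-line comment saying the cache is intentional would save the next reader from wondering about the unsynchronised write.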
+++ b/dirmngr/misc.h
@@ -21,6 +21,8 @@
 #ifndef MISC_H
 #define MISC_H
+const char *get_default_keyserver (int name_only);
+
 /* Convert hex encoded string back to binary. */
 size_t unhexify (unsigned char *result, const char *string);
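Review bot: The new prototype carries no comment while the neighbouring `unhexify` declaration does, so a caller reading only the header cannot tell that the returned pointer is static and must not be freed or modified. Add above it: `/* Return the default keyserver as a static string; with NAME_ONLY the scheme prefix is stripped. The result must not be freed. */`.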