Avoid caches to get the most recent copy of the key. This is bug

#1061

include/ChangeLog

@@ -1,3 +1,8 @@
+2009-05-26  David Shaw  <dshaw@jabberwocky.com>
+
+	* http.h: Pass in a STRLIST for additional headers on http_open
+	and http_open_document.
+
 2009-04-05  David Shaw  <dshaw@jabberwocky.com>
 
 	* srv.h: Move from util/srv.h.

include/http.h

@@ -75,12 +75,12 @@ typedef struct http_context *HTTP_HD;
 
 int http_open( HTTP_HD hd, HTTP_REQ_TYPE reqtype, const char *url,
 	       char *auth, unsigned int flags, const char *proxy,
-	       const char *srvtag );
+	       const char *srvtag, STRLIST headers );
 void http_start_data( HTTP_HD hd );
 int  http_wait_response( HTTP_HD hd, unsigned int *ret_status );
 void http_close( HTTP_HD hd );
 int http_open_document( HTTP_HD hd, const char *document, char *auth,
 			unsigned int flags, const char *proxy,
-			const char *srvtag );
+			const char *srvtag, STRLIST headers );
 
 #endif /*G10_HTTP_H*/

keyserver/ChangeLog

@@ -1,3 +1,13 @@
+2009-05-26  David Shaw  <dshaw@jabberwocky.com>
+
+	* curl-shim.c (curl_slist_append, curl_slist_free_all): New.
+	Simple wrappers around STRLIST to emulate the curl way of doing
+	string lists.
+	(curl_easy_setopt): Handle the curl HTTPHEADER option.
+
+	* gpgkeys_curl.c, gpgkeys_hkp.c (main): Avoid caches to get the
+	most recent copy of the key.  This is bug #1061.
+
 2009-05-03  David Shaw  <dshaw@jabberwocky.com>
 
 	* gpgkeys_mailto.in: Set 'mail-from' as a keyserver-option, rather

keyserver/curl-shim.c

@@ -146,6 +146,9 @@ curl_easy_setopt(CURL *curl,CURLoption option,...)
     case CURLOPT_STDERR:
       curl->errors=va_arg(ap,FILE *);
       break;
+    case CURLOPT_HTTPHEADER:
+      curl->headers=va_arg(ap,struct curl_slist *);
+      break;
     default:
       /* We ignore the huge majority of curl options */
       break;
@@ -186,7 +189,7 @@ curl_easy_perform(CURL *curl)
   if(curl->flags.post)
     {
       rc=http_open(&curl->hd,HTTP_REQ_POST,curl->url,curl->auth,0,proxy,
-		   curl->srvtag);
+		   curl->srvtag,curl->headers?curl->headers->list:NULL);
       if(rc==0)
 	{
 	  char content_len[50];
@@ -208,7 +211,7 @@ curl_easy_perform(CURL *curl)
   else
     {
       rc=http_open(&curl->hd,HTTP_REQ_GET,curl->url,curl->auth,0,proxy,
-		   curl->srvtag);
+		   curl->srvtag,curl->headers?curl->headers->list:NULL);
       if(rc==0)
 	{
 	  rc=http_wait_response(&curl->hd,&curl->status);
@@ -335,3 +338,28 @@ curl_version_info(int type)
 
   return &data;
 }
+
+struct curl_slist *
+curl_slist_append(struct curl_slist *list,const char *string)
+{
+  if(!list)
+    {
+      list=calloc(1,sizeof(*list));
+      if(!list)
+	return NULL;
+    }
+
+  add_to_strlist(&list->list,string);
+
+  return list;
+}
+
+void
+curl_slist_free_all(struct curl_slist *list)
+{
+  if(list)
+    {
+      free_strlist(list->list);
+      free(list);
+    }
+}

keyserver/curl-shim.h

@@ -49,6 +49,7 @@ typedef enum
     CURLOPT_POST,
     CURLOPT_POSTFIELDS,
     CURLOPT_FAILONERROR,
+    CURLOPT_HTTPHEADER,
     CURLOPT_SRVTAG_GPG_HACK
   } CURLoption;
 
@@ -67,6 +68,7 @@ typedef struct
   char *srvtag;
   unsigned int status;
   FILE *errors;
+  struct curl_slist *headers;
   struct
   {
     unsigned int post:1;
@@ -96,4 +98,13 @@ char *curl_easy_escape(CURL *curl,char *str,int len);
 #define curl_version() "GnuPG curl-shim"
 curl_version_info_data *curl_version_info(int type);
 
+struct curl_slist
+{
+  STRLIST list;
+};
+
+struct curl_slist *curl_slist_append(struct curl_slist *list,
+				     const char *string);
+void curl_slist_free_all(struct curl_slist *list);
+
 #endif /* !_CURL_SHIM_H_ */

keyserver/gpgkeys_curl.c

@@ -118,6 +118,7 @@ main(int argc,char *argv[])
   long follow_redirects=5;
   char *proxy=NULL;
   curl_version_info_data *curldata;
+  struct curl_slist *headers=NULL;
 
   console=stderr;
 
@@ -306,6 +307,26 @@ main(int argc,char *argv[])
   curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
   curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
 
+  /* Avoid caches to get the most recent copy of the key.  This is bug
+     #1061.  In pre-curl versions of the code, we didn't do it.  Then
+     we did do it (as a curl default) until curl changed the default.
+     Now we're doing it again, but in such a way that changing
+     defaults in the future won't impact us.  We set both the Pragma
+     and Cache-Control versions of the header, so we're good with both
+     HTTP 1.0 and 1.1. */
+  headers=curl_slist_append(headers,"Pragma: no-cache");
+  if(headers)
+    headers=curl_slist_append(headers,"Cache-Control: no-cache");
+
+  if(!headers)
+    {
+      fprintf(console,"gpgkeys: out of memory when building HTTP headers\n");
+      ret=KEYSERVER_NO_MEMORY;
+      goto fail;
+    }
+
+  curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
+
   if(proxy)
     curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
 
@@ -386,6 +407,8 @@ main(int argc,char *argv[])
 
   free_ks_options(opt);
 
+  curl_slist_free_all(headers);
+
   if(curl)
     curl_easy_cleanup(curl);
 

keyserver/gpgkeys_hkp.c

@@ -550,6 +550,7 @@ main(int argc,char *argv[])
   int failed=0;
   struct keylist *keylist=NULL,*keyptr=NULL;
   char *proxy=NULL;
+  struct curl_slist *headers=NULL;
 
   console=stderr;
 
@@ -746,6 +747,26 @@ main(int argc,char *argv[])
   curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
   curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
 
+  /* Avoid caches to get the most recent copy of the key.  This is bug
+     #1061.  In pre-curl versions of the code, we didn't do it.  Then
+     we did do it (as a curl default) until curl changed the default.
+     Now we're doing it again, but in such a way that changing
+     defaults in the future won't impact us.  We set both the Pragma
+     and Cache-Control versions of the header, so we're good with both
+     HTTP 1.0 and 1.1. */
+  headers=curl_slist_append(headers,"Pragma: no-cache");
+  if(headers)
+    headers=curl_slist_append(headers,"Cache-Control: no-cache");
+
+  if(!headers)
+    {
+      fprintf(console,"gpgkeys: out of memory when building HTTP headers\n");
+      ret=KEYSERVER_NO_MEMORY;
+      goto fail;
+    }
+
+  curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
+
   if(proxy)
     curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
 
@@ -923,6 +944,8 @@ main(int argc,char *argv[])
 
   free_ks_options(opt);
 
+  curl_slist_free_all(headers);
+
   if(curl)
     curl_easy_cleanup(curl);
 

util/ChangeLog

@@ -1,3 +1,8 @@
+2009-05-26  David Shaw  <dshaw@jabberwocky.com>
+
+	* http.c (send_request): Pass in a STRLIST for additional headers.
+	Change all callers.
+
 2009-05-22  Werner Koch  <wk@g10code.com>
 
 	* ttyio.c (tty_cleanup_after_signal): New.

util/http.c

@@ -69,7 +69,7 @@ static int insert_escapes( byte *buffer, const byte *string,
 					 const byte *special );
 static URI_TUPLE parse_tuple( byte *string );
 static int send_request( HTTP_HD hd, const char *auth, const char *proxy,
-			 const char *srvtag);
+			 const char *srvtag, STRLIST headers);
 static byte *build_rel_path( PARSED_URI uri );
 static int parse_response( HTTP_HD hd );
 
@@ -150,7 +150,7 @@ make_radix64_string( const byte *data, size_t len )
 int
 http_open( HTTP_HD hd, HTTP_REQ_TYPE reqtype, const char *url,
 	   char *auth, unsigned int flags, const char *proxy,
-	   const char *srvtag )
+	   const char *srvtag, STRLIST headers )
 {
     int rc;
 
@@ -166,7 +166,7 @@ http_open( HTTP_HD hd, HTTP_REQ_TYPE reqtype, const char *url,
 
     rc = parse_uri( &hd->uri, url );
     if( !rc ) {
-        rc = send_request( hd, auth, proxy, srvtag );
+        rc = send_request( hd, auth, proxy, srvtag, headers );
 	if( !rc ) {
 	    hd->fp_write = iobuf_sockopen( hd->sock , "w" );
 	    if( hd->fp_write )
@@ -234,11 +234,13 @@ http_wait_response( HTTP_HD hd, unsigned int *ret_status )
 
 int
 http_open_document( HTTP_HD hd, const char *document, char *auth,
-		    unsigned int flags, const char *proxy, const char *srvtag )
+		    unsigned int flags, const char *proxy, const char *srvtag,
+		    STRLIST headers )
 {
     int rc;
 
-    rc = http_open(hd, HTTP_REQ_GET, document, auth, flags, proxy, srvtag );
+    rc = http_open(hd, HTTP_REQ_GET, document, auth, flags, proxy, srvtag,
+		   headers );
     if( rc )
 	return rc;
 
@@ -521,7 +523,7 @@ parse_tuple( byte *string )
  */
 static int
 send_request( HTTP_HD hd, const char *auth, const char *proxy,
-	      const char *srvtag )
+	      const char *srvtag, STRLIST headers )
 {
     const byte *server;
     byte *request, *p;
@@ -613,6 +615,19 @@ send_request( HTTP_HD hd, const char *auth, const char *proxy,
     xfree(p);
 
     rc = write_server( hd->sock, request, strlen(request) );
+
+    if(rc==0)
+      for(;headers;headers=headers->next)
+	{
+	  rc = write_server( hd->sock, headers->d, strlen(headers->d) );
+	  if(rc)
+	    break;
+
+	  rc = write_server( hd->sock, "\r\n", 2 );
+	  if(rc)
+	    break;
+	}
+
     xfree( request );
     xfree(proxy_authstr);
     xfree(authstr);
@@ -1078,7 +1093,7 @@ main(int argc, char **argv)
     }
     release_parsed_uri( uri ); uri = NULL;
 
-    rc = http_open_document( &hd, *argv, NULL, 0, NULL );
+    rc = http_open_document( &hd, *argv, NULL, 0, NULL, NULL, NULL );
     if( rc ) {
 	log_error("can't get `%s': %s\n", *argv, g10_errstr(rc));
 	return 1;