security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00
Code Activity

gpg: Filter keys received via DANE

Browse Source 
* g10/keyserver.c (keyserver_import_cert): Use an import filter in
DANE mode.
--

We only want to see the user ids requested via DANE and not any
additional ids.  This filter enables this in the same way we do this
in WKD.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-07-24 19:35:45 +02:00
parent e975482239
commit f6f0dd4d5e
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
g10/keyserver.c
View File

@ -1926,14 +1926,36 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
else if (key) else if (key)
{ {
int armor_status=opt.no_armor; int armor_status=opt.no_armor;
import_filter_t save_filt;
/* CERTs and DANE records are always in binary format */ /* CERTs and DANE records are always in binary format */
opt.no_armor=1; opt.no_armor=1;
if (dane_mode)
err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len, {
(opt.keyserver_options.import_options save_filt = save_and_clear_import_filter ();
| IMPORT_NO_SECKEY), if (!save_filt)
NULL, NULL, KEYORG_DANE); err = gpg_error_from_syserror ();
else
{
char *filtstr = es_bsprintf ("keep-uid=mbox = %s", look);
err = filtstr? 0 : gpg_error_from_syserror ();
if (!err)
err = parse_and_set_import_filter (filtstr);
xfree (filtstr);
if (!err)
err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
IMPORT_NO_SECKEY,
NULL, NULL, KEYORG_DANE);
restore_import_filter (save_filt);
}
}
else
{
err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
(opt.keyserver_options.import_options
| IMPORT_NO_SECKEY),
NULL, NULL, 0);
}
opt.no_armor=armor_status; opt.no_armor=armor_status;