From fe57cdc2fb7469f063a89fa44380caa336d40eb0 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Tue, 3 Feb 2009 19:40:28 +0000 Subject: [PATCH] * gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main): Add support for SSLized HKP. --- keyserver/ChangeLog | 5 ++++ keyserver/gpgkeys_hkp.c | 58 +++++++++++++++++++++++++---------------- 2 files changed, 41 insertions(+), 22 deletions(-) diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog index edb3ce884..0d93a2780 100644 --- a/keyserver/ChangeLog +++ b/keyserver/ChangeLog @@ -1,3 +1,8 @@ +2009-02-03 David Shaw + + * gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main): + Add support for SSLized HKP. + 2008-11-18 David Shaw * curl-shim.h, gpgkeys_curl.c, gpgkeys_hkp.c (main): Always show diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c index 8820e30eb..b939e4676 100644 --- a/keyserver/gpgkeys_hkp.c +++ b/keyserver/gpgkeys_hkp.c @@ -1,6 +1,6 @@ /* gpgkeys_hkp.c - talk to an HKP keyserver - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, + * 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -54,6 +54,7 @@ static FILE *input,*output,*console; static CURL *curl; static struct ks_options *opt; static char errorbuffer[CURL_ERROR_SIZE]; +static char *proto,*port; static size_t curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream) @@ -186,13 +187,10 @@ send_key(int *eof) strcpy(key,"keytext="); strcat(key,encoded_key); - strcpy(request,"http://"); + strcpy(request,proto); strcat(request,opt->host); strcat(request,":"); - if(opt->port) - strcat(request,opt->port); - else - strcat(request,"11371"); + strcat(request,port); strcat(request,opt->path); /* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL, including any supplied path. The 15 covers /pks/add. */ 
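Review bot: The new file-scope pointers in the `@@ -54,6 +54,7 @@` hunk are only ever assigned string literals or `opt->port` and are only read by `strcpy`/`strcat`, so they can be const-qualified: `static const char *proto,*port;`. That lets the compiler reject an accidental write through them, which would be undefined behaviour when they point at a literal.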
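Review bot: The URL in send_key is still assembled with unbounded `strcpy`/`strcat` into `request`, and the prefix can now be `https://`, one byte longer than the literal it replaces; the same applies to the get_key, get_name and search_key hunks. The context comment says request is MAX_URL+15 bytes, but the definition of MAX_URL and the declaration of `request` are outside the hunk, so it should be confirmed that the budget covers the longer scheme plus host, port and path, all of which come from the keyserver options. Where `request` is a fixed array, a bounded form such as `snprintf(request,sizeof request,"%s%s:%s%s",proto,opt->host,port,opt->path)` with a truncation check would remove the dependence on that arithmetic. The context comment in get_key mentions both "+55" and "60", which is worth reconciling at the same time.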
@@ -253,13 +251,10 @@ get_key(char *getkey) return KEYSERVER_NOT_SUPPORTED; } - strcpy(request,"http://"); + strcpy(request,proto); strcat(request,opt->host); strcat(request,":"); - if(opt->port) - strcat(request,opt->port); - else - strcat(request,"11371"); + strcat(request,port); strcat(request,opt->path); /* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL, including any supplied path. The 60 overcovers this /pks/... etc @@ -334,13 +329,10 @@ get_name(const char *getkey) fprintf(output,"NAME %s BEGIN\n",getkey); - strcpy(request,"http://"); + strcpy(request,proto); strcat(request,opt->host); strcat(request,":"); - if(opt->port) - strcat(request,opt->port); - else - strcat(request,"11371"); + strcat(request,port); strcat(request,opt->path); append_path(request,"/pks/lookup?op=get&options=mr&search="); strcat(request,searchkey_encoded); @@ -420,13 +412,10 @@ search_key(const char *searchkey) fprintf(output,"SEARCH %s BEGIN\n",searchkey); - strcpy(request,"http://"); + strcpy(request,proto); strcat(request,opt->host); strcat(request,":"); - if(opt->port) - strcat(request,opt->port); - else - strcat(request,"11371"); + strcat(request,port); strcat(request,opt->path); append_path(request,"/pks/lookup?op=index&options=mr&search="); @@ -633,6 +622,28 @@ main(int argc,char *argv[]) } } + + if(!opt->scheme) + { + fprintf(console,"gpgkeys: no scheme supplied!\n"); + ret=KEYSERVER_SCHEME_NOT_FOUND; + goto fail; + } + + if(ascii_strcasecmp(opt->scheme,"hkps")==0) + { + proto="https://"; + port="11372"; + } + else + { + proto="http://"; + port="11371"; + } + + if(opt->port) + port=opt->port; + if(!opt->host) { fprintf(console,"gpgkeys: no keyserver host provided\n"); @@ -666,6 +677,9 @@ main(int argc,char *argv[]) curl_easy_setopt(curl,CURLOPT_VERBOSE,1L); } + curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert); + curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); + if(proxy) curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
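Review bot: In the `@@ -633,6 +622,28 @@` hunk, any scheme other than `hkps` falls into the `else` branch and is sent as cleartext `http://` on port 11371, so a mistyped or unexpected scheme silently loses TLS instead of failing. Matching `hkp` explicitly and returning `KEYSERVER_SCHEME_NOT_FOUND` for anything else would make this fail closed; if other aliases are expected to reach this helper, they should be listed explicitly. The `if(opt->port)` override that follows is unaffected. main starts and ends outside the hunk.

```c
  /* ... unchanged: NULL-scheme check and the hkps branch ... */
  else if(ascii_strcasecmp(opt->scheme,"hkp")==0)
    {
      proto="http://";
      port="11371";
    }
  else
    {
      /* Refuse unknown schemes rather than defaulting to cleartext. */
      fprintf(console,"gpgkeys: unsupported scheme %s\n",opt->scheme);
      ret=KEYSERVER_SCHEME_NOT_FOUND;
      goto fail;
    }
  /* ... unchanged: opt->port override ... */
```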
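Review bot: Peer verification in the added `CURLOPT_SSL_VERIFYPEER` line depends entirely on `opt->flags.check_cert`, whose default is not visible in this hunk; if it defaults to off, hkps gives encryption without server authentication, so the default should be confirmed as on and stated in a comment here. `CURLOPT_CAINFO` is also set unconditionally, and a NULL `opt->ca_cert_file` may clear libcurl's built-in CA bundle path rather than keep it; consider `if(opt->ca_cert_file) curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);`. Both return values are ignored, so a libcurl build (or the curl shim named in the ChangeLog context) without TLS support would go unnoticed at this point. main's body continues outside the hunk.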