* configure.ac: Do not build dirmngr if no TLS is available.
* dirmngr/http.c: Remove all uses of the USE_TLS macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--
For example a
gpg -v --locate-external-keys dd9jn@posteo.net
now yields
gpg: Note: server uses an invalid certificate
gpg: (further info: bad cert for 'posteo.net': \
Hostname does not match the certificate)
gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
gpg: error reading key: Wrong name
(without -v the "further info" line is not shown). Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses. Anyway, this help to show the feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--
This should make it easier to diagnose problems with bad WKD servers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
--
This currently works only for Windows but that is where users really
ran into problems. The old workaround was to configure disable-ipv4
or disable-ipv6.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (parse_ldapservers_file): Tune down error
in case no such file exists.
--
This is hardly an error because by default such a file
does not exist. This caused trouble in support because
people think "Oh the system prints an error".
GnuPG-Bug-Id: T3539
* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff. Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--
Note that the ldap_sslinit stuff for Windows has not been tested.
This patch removes the whole wrapper-but-linked business because we do
not need it anymore. WindowsCE for which we used it is pretty dead.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldapserver.h: Rename LDAPSERVER_OPT.
--
Using _OPT is not good because it does not describe for what this
configuration group is used. _SESSION immediately shows the purpose.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--
There was no way to specify an LDAPS server in
dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This
patch fixes this. Eventually we should allow to replace host and port
by a partial URI in the same way ldap_initialize does it. For backward
compatibility we do not yet do that.
Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used. Thus the
patch also detects an ldaps scheme and uses this. That part has not
been tested, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.
--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>
GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Originally applied to 2.2. Here a minor conflict fix was needed.
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
(handle_send_request_error): Use it for 503 and 504.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
extra_tries.
--
This is a pretty stupid fix but one which works without much risk of
regressions. We could have used the existing TRIES but in that case
the fallback to other host would have been too limited. With the used
value we can have several fallbacks to other hosts. Note that the
TRIES is still cumulative and not per host.
GnuPG-bug-id: 4600
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval,
r_produced_at, and r_md. Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo. Print a diagnostic if the
signature does not verify.
--
GnuPG-bug-id: 3966
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/certcache.c (find_cert_bysubject): Add better debug output
and try to locate by keyid.
--
This chnages was suggested in
GnuPG-bug-id: 4536
but we do not have any test cases for this.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
(insert_or_update): Implement new update algorithm.
--
The old algorithm limited the length of a bucket chain by purging the
last 50% or the entries. Thus the first domains entered into the
cache were never purged. The new algorithm is a bit better: It also
limits the chain length on overflow to 50% but tries to keep the
entries indicating that a WKD is available in the cache. If there is
still space to keep more, those which clearly do not support WKD are
also kept.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--
These search modes were added over time and there has until recently
be no incentive to remove the cruft. With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (post_option_parsing): Do not call set_tor_mode.
(dirmngr_sighup_action): Call it here.
(main): Call it here unless in --gpgconf-list mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (same_host_p): Add exception table.
--
Please: Adding entries to this table shall be an exception and not the
rule.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.h (dns_quietinit): Remove.
(dns_hints_i_new): Remove.
--
Even before our change, dns_quietinit was questionable macro; There
was no place in dns.c which requires overrides in initializer list.
Only redundant zero were.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
automatic variable for opts.
* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
Likewise.
--
In fact, DNS_OPTS_INIT was only needed when args are none. With
partially specified initialization, C99 guarantees zero-ed other
members just like static object.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
Call dns_rr_grep with NULL.
* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
--
Here we still use C99 feature of struct member initialization in
dns_rr_foreach, for struct dns_rr_i. Note that in C99, it guarantees
non-specified member fields are initialized by zero. So, there's no
need to use dns_rr_i_new at all.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
variables.
(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
--
Compound literals is a feature of C99. Because we only use C90 plus
some limited features, in the project, it's better to avoid it.
Besides, we make sure when it's read-only.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc.
* tools/gpg-pair-tool.c (command_respond): Init two vars to silence
gcc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
http_status and handle it.
(ks_hkp_search): Get http_status froms end_request and pass on to
handle_send_request_error.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--
GnuPG-bug-id: 4175
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--
With this change a http query will not follow a redirect unless the
Location header gives the same host. If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.
Signed-off-by: Werner Koch <wk@gnupg.org>
Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.
--
This allows it to flush the CRL cache of a running dirmngr
server. This can be useful to debug / analyze CRL issues.
GnuPG-Bug-Id: T3967
Differential Revision: https://dev.gnupg.org/D469
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
(cherry picked from commit 00321a025f)
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement. Change all callers to pass false for it.
* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--
Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it. After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.
To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command
t-mbox-util --verbose --filter
can be used; to output w/o sub-addresses add --no-sub.
GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
--
Reportted-by: Tomas Mraz
GnuPG-bug-id: 4230
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
--
GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
request.
--
We append the raw non-canonicalized local address part to the hash.
Servers who serve the requests from static files will ignore the
parameters and a test with posteo shows that also services using a
database ignore the parameter. The general idea is that service
providers may use their own canonicalization rules. The problem is
that we currently filter the returned key for the full mail address
and thus we will never see a key if the service did a different
canonicalization than we. So consider this to be an experiment.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--
If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.
--
Multiple threads may write to hosttable[x]->dead while
select_random_host() is running. For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.
If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.
This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.
As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.
However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block. Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.
GnuPG-bug-id: 2836
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Werner Koch