1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

82 Commits

Author SHA1 Message Date
Werner Koch
dc61f4ecea
dirmngr: New function http_status2string.
* dirmngr/http.c (http_status2string): New.
--

Right now only the standard 5xx codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-11 13:24:31 +01:00
Werner Koch
fa1b1eaa42
dirmngr: Avoid possible CSRF attacks via http redirects.
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--

With this change a http query will not follow a redirect unless the
Location header gives the same host.  If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:36:07 +01:00
Werner Koch
bd4048c533
dirmngr: Print a WARNING status for DNS config problems.
* dirmngr/dirmngr-status.h: New.
* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
to that file.
* dirmngr/t-support.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h.
(t_common_src): Add t-support.c.
* dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL.
* dirmngr/dns-stuff.c: Include dirmngr-status.h.
(libdns_init): Print WARNING status line.  Change call callers to take
and pass a CTRL argument.
* g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING
status.
--

To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run
gpg --recv-key -v SOMETHING.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
Werner Koch
7b7576637d
Merge branch 'STABLE-BRANCH-2-2' into master
--

Resolved Conflicts:
	NEWS  - removed
	configure.ac - removed

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-13 13:29:40 +02:00
Werner Koch
bb8894760f
dirmngr: Add the used TLS library to the debug output.
* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--

We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:26 +02:00
Werner Koch
705d8e9cf0
dirmngr: Implement CRL fetching via https.
* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
* dirmngr/http.c (http_register_cfg_ca): New.
(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
* dirmngr/certcache.c (load_certs_from_dir): Call new function.
(cert_cache_deinit): Ditto.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
'send_no_cache' and 'extra_http_trust_flags'.  Change all callers to
provide the default value.
* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
ks_http_fetch.
--

The old code simply did not use https for downloading of CRLS.
Instead it rewrote https to http under the assumption that the CRL
service was also available without encryption.  Note that a CRL is
self-standing and thus it does not need to have extra authenticity as
provided by TLS.  These days we should not use any unencrypted content
and thus this patch.

Be aware that cacert.org give a https CRL DP but that currently
redirects to to http!  This is a downgrade attack which we detect and
don't allow.  The outcome is that it is right now not possible to use
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 12:38:04 +02:00
Werner Koch
b56dfdfc18
Use the gpgrt log functions if possible.
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix.  Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex.  Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--

This patch enables the use of the log function from libgpgrt (aka
libgpg-error).  Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions.  Eventually the
whole divert stuff can be removed.

The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string.  Note that this is fully specified
standard C behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
Werner Koch
482fd5758c
dirmngr,w32: Fix http connection timeout problem.
* dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.
--

GnuPG-bug-id: 3319
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-31 13:12:37 +02:00
Werner Koch
c5e5748480
dirmngr: Do not use a blocking connect in Tor mode.
* dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
(send_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 13:48:27 +02:00
NIIBE Yutaka
ade4b2744c dirmngr: More minor fix.
* dirmngr/http.c (send_request): Care the case of !USE_TLS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 16:09:11 +09:00
NIIBE Yutaka
789401e955 dirmngr: More minor fixes.
* dirmngr/http.c (http_verify_server_credentials): Duplicated const.
* dirmngr/ldap.c (parse_one_pattern): Add comment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 15:35:34 +09:00
NIIBE Yutaka
274602820c dirmngr: Minor fix for Windows.
* dirmngr/http.c (connect_with_timeout): Use FD2INT.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 15:30:56 +09:00
Justus Winter
da91d2106a
dirmngr: Implement TLS over http proxies.
* dirmngr/http.c (send_request): If a http proxy is to be used, and we
want to use TLS, try to use the CONNECT method to get a connection to
the target server.

GnuPG-bug-id: 2940
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:30 +02:00
Justus Winter
e7eabe66b6
dirmngr: Log http response in debug mode.
* dirmngr/http.c (parse_response): Log http response in debug mode.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:28 +02:00
Justus Winter
1ba220e681
dirmngr: Amend TLS handling.
* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
write cookie, not from the URI.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:27 +02:00
Justus Winter
46a4a0c0e7
dirmngr: Fix connecting to http proxies.
* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
the target host to connect to the http proxy.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:25 +02:00
Justus Winter
73d4781e45
dirmngr: Fix handling of proxy URIs.
* dirmngr/http.c (send_request): We do not support socks4.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:18:39 +02:00
Justus Winter
b231959728
dirmngr: Honor http keyserver URLs.
* dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
* dirmngr/http.h (struct parsed_uri_s): New field 'original'.
* dirmngr/ks-action.c (ks_action_get): Properly handle http and https
URLs.
--

If a key has a http or https URL as preferred keyserver, fetch the key
from there.  Previously, dirmngr unconditionally interpreted these
URLs as hkp servers.

GnuPG-bug-id: 2924
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:56:33 +02:00
Justus Winter
ebb35ed711
dirmngr: Fix memory leak.
* dirmngr/http.c (parse_uri): Properly free partial results.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:49:24 +02:00
Justus Winter
3d670fa973
dirmngr: Fix memory leak.
* dirmngr/http.c (http_release_parsed_uri): Free 'params'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:49:22 +02:00
Werner Koch
5b9025cfa1
dirmngr: Allow a timeout for HTTP and other TCP connects.
* dirmngr/http.c: Include fcntl.h.
(http_session_s): Add field 'connect_timeout'.
(http_session_new): Clear that.
(http_session_set_timeout): New function.
(my_wsagetlasterror) [W32]: New.
(connect_with_timeout): New function.
(connect_server): Add arg 'timeout' and call connect_with_timeout.
(send_request): Add arg 'timeout' and pass it to connect_server.
(http_raw_connect): Add arg 'timeout'.
(http_open): Pass TIMEOUT from the session to connect_server.
--

Note that the non-blocking connect we implement is traditional a
pretty non-portable thing due to slighly different semantics.  The
code uses the strategy W. Richard Stevens suggested in 1998.
Hopefully current OS versions got it all right.

The code has not been tested on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
0d0a7efa8f dirmngr: Fix API difference for Windows.
* dirmngr/http.c (read_server, write_server): Use assuan_fd_t.
(http_wait_response): Use FD2INT to get unsigned integer fd.
(read_server, write_server): Likewise.
(simple_cookie_read, simple_cookie_write): Use assuan_fd_t.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 09:03:14 +09:00
NIIBE Yutaka
4771bad610 dirmngr: More fix for Windows.
* dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only
valid with HTTP_USE_NTBTLS.
(_my_socket_new): Simply cast to int since it's for debug.
(_my_socket_ref, _my_socket_unref): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 08:32:49 +09:00
NIIBE Yutaka
86dcb03134 dirmngr: Fix http.c for sockaddr_storage.
dirmngr/http.c (use_socks): Use sockaddr_storage.
(my_sock_new_for_addr, connect_server): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 14:46:57 +09:00
NIIBE Yutaka
6755b3b505 dirmngr: Fix type of sock.
* dirmngr/http.c (send_request): Use assuan_fd_t for SOCK.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 20:50:50 +09:00
Werner Koch
69c521df42
dirmngr: Ignore warning alerts in the GNUTLS handshake.
* dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning
alerts.
--

GnuPG-bug-id: 2833
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-17 12:50:35 +01:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Werner Koch
1890896fe6
dirmngr: Rearrange files to fix de6d831.
* dirmngr/http-common.c: New.
* dirmngr/http-common.h: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add them.
(t_http_SOURCES): Add them.
(t_ldap_parse_uri_SOURCES): Add them.
* dirmngr/misc.c (get_default_keyserver): Move to ...
* dirmngr/http-common.c: here.
* dirmngr/http.c: Include http-common.h instead of misc.h.
* dirmngr/http-ntbtls.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 18:35:03 +01:00
Werner Koch
de6d8313f6
dirmngr: Let --gpgconf-list return the default keyserver.
* dirmngr/misc.c (get_default_keyserver): New.
* dirmngr/http.c: Include misc.h
(http_session_new): Use get_default_keyserver instead of hardwired
"hkps.pool.sks-keyservers.net".
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 17:58:58 +01:00
Werner Koch
22b69b9edf
dirmngr: Add new debug flag "extprog"
* dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
* dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
(handle_connections): Use a macro instead of -1 for an invalid socket.
* dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 20:14:16 +01:00
Werner Koch
a42bf00b4e
dirmngr,w32: Make https with ntbtls work.
* dirmngr/http.c (simple_cookie_functions): New.
(send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie.
(cookie_read): Factor some code out to ...
(read_server): new.
(simple_cookie_read, simple_cookie_write) [W32]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Werner Koch
493c142e58
dirmngr: New Assuan option "http-crl".
* dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag.
* dirmngr/server.c (option_handler): New option "http-crl"
* dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag.
* dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

* dirmngr/t-http.c (main): New option --no-crl.
--

This new option can be used to enable CRL checks on a per session
base.  The default is not to use CRLs for https connections.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:37:07 +01:00
Werner Koch
39c7450381
dirmngr: Add a magic field to the http structs.
* dirmngr/http.c (HTTP_SESSION_MAGIC): New.
(http_session_s): New field 'magic'.
(HTTP_CONTEXT_MAGIC): New.
(http_context_s): New field 'magic'.
(my_ntbtls_verify_cb): Assert MAGIC.
(fp_onclose_notification): Ditto.
(session_unref): Ditto.  Reset MAGIC.
(http_session_new): Set MAGIC.
(http_open): Ditto.
(http_raw_connect): Ditto.
(http_close): Assert MAGIC.  Reset MAGIC.

* dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused.
--

We pass those handles through opaque pointers.  The magic numbers will
help to detect wrong use.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:13:02 +01:00
Werner Koch
e174893262
dirmngr.c: Make http.c build without any TLS support.
* dirmngr/http.c (http_session_new): Remove used of tls_prority.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 10:02:25 +01:00
Werner Koch
64fffd0ce2
dirmngr: First take on ntbtls cert verification.
* dirmngr/http-ntbtls.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New.
(server_conrol_s): Add field 'magic',
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC.
(dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef.
* dirmngr/http.c (my_ntbtls_verify_cb): New.
(http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code.
(send_request) [HTTP_USE_NTBTLS]: Set the verify callback.  Do not call
the verify callback after the handshake.
* dirmngr/ks-engine-hkp.c (send_request): Pass
gnupg_http_tls_verify_cb to http_session_new.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

* dirmngr/t-http.c (my_http_tls_verify_cb): New.
(main): Rename option --gnutls-debug to --tls-debug.
(main) [HTTP_USE_NTBTLS]: Create a session.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
Werner Koch
a74902cccd
dirmngr: Add per-session verify callback to http.c
* dirmngr/http.h (http_verify_cb_t): New type.
* dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and
verify_cb_value.
(http_session_new): Remove arg tls_priority.  Add args verify_cb and
verify-cb_value.  Store them in the session object.
(send_request): Use per-session verify callback.
(http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return
GPG_ERR_NOT_IMPLEMENTED.
* dirmngr/ks-engine-hkp.c (send_request): Adjust for changed
http_session_new.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http.c (main): Ditto.

* dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:39:02 +01:00
Werner Koch
cd32ebd152
dirmngr: Strip the default https port from the Host: header.
* dirmngr/http.c (send_request): Strip the default https port.

--

GnuPG-bug-id: 2965
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-17 21:59:45 +01:00
Werner Koch
aef60abe6a
dirmngr: Replace stpcpy chains by strconcat.
* dirmngr/certcache.c (find_cert_bysn): Use strconcat.
(find_cert_bysubject): Ditto.
* dirmngr/http.c (store_header): Ditto.
* dirmngr/ldap.c (make_url): Ditto.
* dirmngr/server.c (get_cert_local_ski): Ditto.
(do_get_cert_local): Use xstrconcat.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 10:33:26 +01:00
Werner Koch
51e5a5e5a4
dirmngr: Simplify error returning inside http.c.
* dirmngr/http.c (connect_server): Change to return an gpg_error_t
and to store socket at the passed address.
(http_raw_connect, send_request): Adjust accordingly.
--

This change removes cruft from the code and allows to return the error
code from the name lookup.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 20:52:24 +01:00
Werner Koch
af5979a42b
Fix format string errors and some missing error case initialization.
* common/logging.c (do_logv): Remove extra parentheses in comparison.

* dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that
dns_res_close is given a defined value in the error case.

* dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix
format string char.

* dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
* dirmngr/ks-engine-http.c (ks_http_help): Ditto.
* dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.

* scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string
char.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the
error case.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.

* tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 16:33:01 +01:00
NIIBE Yutaka
367349b4dc dirmngr: Add setup of CA for NTBTLS.
* dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by
ntbtls_set_ca_chain.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-19 15:39:55 +09:00
Werner Koch
09aeac41c9
dirmngr: Fix Tor access for v6 addresses.
* dirmngr/http.c (use_socks): New.
(my_sock_new_for_addr): New.
(connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
--

Libassuan always uses 127.0.0.1 to connect to the local Tor proxy.
https.c used to create a socket for the actual address family and thus
the connect call in Libassuan fails when it tries to connect to a v6
address using a v4 socket.

It would be cleaner to have the my_sock_new_for_addr function as a
public interface in Libassuan; for now we need to duplicate some code.
from Libassuan.

GnuPG-bug-id: 2902
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
Werner Koch
02ab4b0085
dirmngr: Add debug code to http.c.
* dirmngr/http.c (opt_verbose, opt_debug): New vars.
(http_set_verbose): New function.
(_my_socket_new): Add debug output.
(_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
OPT_DEBUG has ben set to 2 in a debugger.
(http_session_new, http_session_ref): Ditto.
(send_request, http_start_data): Print debug output for the request.
(parse_response): Change to use log_debug_string for the response.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:42:44 +01:00
Werner Koch
c2cbe2f87c
dirmngr: Do not use a SRV record for HKP if a port was specified.
* dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
* dirmngr/http.c (do_parse_uri): That it.
* dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
(make_host_part): Ditto.
(ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
(ks_hkp_search): Ditto.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--

This implements the behaviour of the keyserver helpers from 1.4 and
2.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-09 10:28:25 +01:00
Werner Koch
16078f3dee
dirmngr: Change internal SRV lookup API.
* dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
* dirmngr/http.c (connect_server): Simplify SRV lookup.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
--

This new API is more convenient because it includes commonly used
code.  Note that right now http.c's SRV record code is not used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-08 18:04:59 +01:00
Werner Koch
81c012787f
dirmngr: New option --resolver-timeout.
* dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
(opt_timeout): New var.
(set_dns_timeout): New.
(libdns_res_open): Set the default timeout.
(libdns_res_wait): Use configurable timeout.
(resolve_name_libdns): Ditto.

* dirmngr/dirmngr.c (oResolverTimeout): New const.
(opts): New option --resolver-timeout.
(parse_rereadable_options): Set that option.
(main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
and --nameserver.

* dirmngr/http.c (connect_server): Fix yesterday introduced bug in
error diagnostic.
--

This timeout is a pretty crude thing because libdns has a few other
internal timeouts as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-20 09:53:58 +01:00
Werner Koch
af8b68fae3
dirmngr: Fix problems with the getsrv function.
* dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars.
(set_dns_verbose): New func.
(libdns_switch_port_p): Add debug output.
(resolve_dns_name): Ditto.
(get_dns_cert): Ditto.
(get_dns_cname): Ditto.
(getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int.
(getsrv): Rename to ...
((get_dns_srv): this.  Add arg R_COUNT and return an error.  Add debug
output.
* dirmngr/http.c: Adjust for chnaged getsrv().
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Ditto.  Call set_dns_verbose.
* dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose.
--

Due to our switch to Libdns getsrv didn't worked correctly because it
returned -1 for an NXDOMAIN.  However, it is perfectly okay to have no
SRV record and thus we change the way this function is called to be
aligned with the other functions and also map NXDOMAIN to a zero SRV
record count.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 23:27:02 +01:00
NIIBE Yutaka
57aa42ce9b dirmngr: Improve ntbtls support.
* dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release.
(send_request): Call ntbtls_set_transport.
(cookie_read, cookie_write): Implement.
(cookie_close): Add initial implementation for ntbtls.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 16:17:03 +09:00