1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

99 Commits

Author SHA1 Message Date
Werner Koch
55b5928099
dirmngr: Change the default keyserver.
* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
keyserver.ubuntu.com.

* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/http.c (http_session_new): Ditto.

* dirmngr/server.c (make_keyserver_item): Use a different mapping for
the gnupg.net names.
--

Due to the unfortunate shutdown of the keyserver pool, the long term
defaults won't work anymore.  Thus it is better to change them.

For https access keyserver.ubuntu.com is now used because it can be
expected that this server can stand the load from newer gnupg LTS
versions.

For http based access the Dutch Surfnet keyserver is used.  However
due to a non-standard TLS certificate this server can not easily be
made the default for https.

Note: that the default server will be changed again as soon as a new
connected keyserver infrastructure has been established.

(cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
2021-08-24 18:09:56 +02:00
Werner Koch
1c96f4d663
dirmngr: Support pseudo URI scheme "opaque".
* dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New.
* dirmngr/http.c (http_parse_uri): Use this flag.  Change all callers
to use the new macro for better readability.
(do_parse_uri): Add pseudo scheme "opaque".
(uri_query_value): New.
--

This scheme can be used to convey arbitrary strings in a parsed_uri_t
object.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 72124fadafde153f8ac89a70202006d831829d06)
2021-06-16 11:54:47 +02:00
Jakub Jelen
25aa353bf8
dirmgr: Avoid double free
* dirmgr/http.c (http_prepare_redirect): Avoid double free
* dirmgr/ocsp.c (check_signature): Initialize pointer

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
2021-05-20 14:33:35 +02:00
Jakub Jelen
0d2c1e9046
dirmgr: clean up memory on error code paths
* dirmgr/crlcache.c (finish_sig_check): goto leave instead of return
* dirmgr/http.c (send_request): free authstr and proxy_authstr
* dirmgr/ldap.c (start_cert_fetch_ldap): free proxy
* dirmgr/ocsp.c (check_signature): release s_hash

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
2021-05-20 13:38:24 +02:00
Werner Koch
c94ee1386e
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
2020-10-20 12:15:55 +02:00
Werner Koch
faabc49797
dirmngr: Align the gnutls use of CAs with the ntbtls code.
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--

The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate.  This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 10:50:39 +02:00
Werner Koch
05358d7384
dirmngr: Print the last alert message returned by NTBTLS.
* dirmngr/http.c (send_request): Print the last TLS alert.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-27 09:02:21 +02:00
NIIBE Yutaka
109d16e8f6 dirmngr: Handle EAFNOSUPPORT at connect_server.
* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.

--

GnuPG-bug-id: 4977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-13 10:03:09 +09:00
Daniel Kahn Gillmor
0904b8ef34 Spelling cleanup.
No functional changes, just fixing minor spelling issues.

---

Most of these were identified from the command line by running:

  codespell \
    --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
    --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
    doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
    NEWS README README.maint TODO

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 18:07:46 -05:00
Werner Koch
264c15c72f
dirmngr: Rework of the LDAP code, part 1.
* dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap.
* dirmngr/http.c (do_parse_uri): Set flag.  Do not error out for a
missing slashes in an http scheme if NO_SCHEME_CHECK is active.
* dirmngr/t-http.c (main): Print new flag.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of
checking the scheme.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using
http_parse_uri.
* dirmngr/t-ldap-parse-uri.c (main): Add option --verbose.
--

This patch merely remove the separate parser for checking for an LDAP
scheme.  It is better to let our generic URI parser handle this.  Also
fixes this bug
       || url[4] == 'i' || url[4] == 'i')
to make the rarely used ldapi scheme case-insensitive.

More changes to the LDAP code are planned.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
Werner Koch
1009e4e5f7
dirmngr: Make building with a TLS library mandatory
* configure.ac: Do not build dirmngr if no TLS is available.
* dirmngr/http.c: Remove all uses of the USE_TLS macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
Werner Koch
ae9acb8745
dirmngr: Forward http redirect warnings to gpg.
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--

This should make it easier to diagnose problems with bad WKD servers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:24:02 +01:00
Werner Koch
12def3a84e
dirmngr: Use IPv4 or IPv6 interface only if available.
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
--

This currently works only for Windows but that is where users really
ran into problems.  The old workaround was to configure disable-ipv4
or disable-ipv6.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:35:12 +01:00
NIIBE Yutaka
75e0ec6517 dirmngr: Don't add system CAs for SKS HKPS pool.
* dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
add_system_cas.

GnuPG-bug-id: 4594
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-16 10:10:52 +09:00
Werner Koch
37f0c55c7b
dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
same.
--

GnuPG-bug-id: 4603
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-03 16:20:00 +02:00
Werner Koch
7098e4ce19
dirmngr: Add a CSRF expection for pm.me
--

Also comment typo fix.
2019-05-09 14:50:41 +02:00
Werner Koch
134c3c1652
dirmngr: Add CSRF protection exception for protonmail.
* dirmngr/http.c (same_host_p): Add exception table.
--

Please: Adding entries to this table shall be an exception and not the
rule.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:19 +01:00
Werner Koch
dc61f4ecea
dirmngr: New function http_status2string.
* dirmngr/http.c (http_status2string): New.
--

Right now only the standard 5xx codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-11 13:24:31 +01:00
Werner Koch
fa1b1eaa42
dirmngr: Avoid possible CSRF attacks via http redirects.
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--

With this change a http query will not follow a redirect unless the
Location header gives the same host.  If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:36:07 +01:00
Werner Koch
bd4048c533
dirmngr: Print a WARNING status for DNS config problems.
* dirmngr/dirmngr-status.h: New.
* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
to that file.
* dirmngr/t-support.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h.
(t_common_src): Add t-support.c.
* dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL.
* dirmngr/dns-stuff.c: Include dirmngr-status.h.
(libdns_init): Print WARNING status line.  Change call callers to take
and pass a CTRL argument.
* g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING
status.
--

To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run
gpg --recv-key -v SOMETHING.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
Werner Koch
7b7576637d
Merge branch 'STABLE-BRANCH-2-2' into master
--

Resolved Conflicts:
	NEWS  - removed
	configure.ac - removed

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-13 13:29:40 +02:00
Werner Koch
bb8894760f
dirmngr: Add the used TLS library to the debug output.
* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--

We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:26 +02:00
Werner Koch
705d8e9cf0
dirmngr: Implement CRL fetching via https.
* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
* dirmngr/http.c (http_register_cfg_ca): New.
(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
* dirmngr/certcache.c (load_certs_from_dir): Call new function.
(cert_cache_deinit): Ditto.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
'send_no_cache' and 'extra_http_trust_flags'.  Change all callers to
provide the default value.
* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
ks_http_fetch.
--

The old code simply did not use https for downloading of CRLS.
Instead it rewrote https to http under the assumption that the CRL
service was also available without encryption.  Note that a CRL is
self-standing and thus it does not need to have extra authenticity as
provided by TLS.  These days we should not use any unencrypted content
and thus this patch.

Be aware that cacert.org give a https CRL DP but that currently
redirects to to http!  This is a downgrade attack which we detect and
don't allow.  The outcome is that it is right now not possible to use
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 12:38:04 +02:00
Werner Koch
b56dfdfc18
Use the gpgrt log functions if possible.
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix.  Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex.  Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--

This patch enables the use of the log function from libgpgrt (aka
libgpg-error).  Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions.  Eventually the
whole divert stuff can be removed.

The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string.  Note that this is fully specified
standard C behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
Werner Koch
482fd5758c
dirmngr,w32: Fix http connection timeout problem.
* dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.
--

GnuPG-bug-id: 3319
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-31 13:12:37 +02:00
Werner Koch
c5e5748480
dirmngr: Do not use a blocking connect in Tor mode.
* dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
(send_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 13:48:27 +02:00
NIIBE Yutaka
ade4b2744c dirmngr: More minor fix.
* dirmngr/http.c (send_request): Care the case of !USE_TLS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 16:09:11 +09:00
NIIBE Yutaka
789401e955 dirmngr: More minor fixes.
* dirmngr/http.c (http_verify_server_credentials): Duplicated const.
* dirmngr/ldap.c (parse_one_pattern): Add comment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 15:35:34 +09:00
NIIBE Yutaka
274602820c dirmngr: Minor fix for Windows.
* dirmngr/http.c (connect_with_timeout): Use FD2INT.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 15:30:56 +09:00
Justus Winter
da91d2106a
dirmngr: Implement TLS over http proxies.
* dirmngr/http.c (send_request): If a http proxy is to be used, and we
want to use TLS, try to use the CONNECT method to get a connection to
the target server.

GnuPG-bug-id: 2940
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:30 +02:00
Justus Winter
e7eabe66b6
dirmngr: Log http response in debug mode.
* dirmngr/http.c (parse_response): Log http response in debug mode.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:28 +02:00
Justus Winter
1ba220e681
dirmngr: Amend TLS handling.
* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
write cookie, not from the URI.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:27 +02:00
Justus Winter
46a4a0c0e7
dirmngr: Fix connecting to http proxies.
* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
the target host to connect to the http proxy.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:25 +02:00
Justus Winter
73d4781e45
dirmngr: Fix handling of proxy URIs.
* dirmngr/http.c (send_request): We do not support socks4.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:18:39 +02:00
Justus Winter
b231959728
dirmngr: Honor http keyserver URLs.
* dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
* dirmngr/http.h (struct parsed_uri_s): New field 'original'.
* dirmngr/ks-action.c (ks_action_get): Properly handle http and https
URLs.
--

If a key has a http or https URL as preferred keyserver, fetch the key
from there.  Previously, dirmngr unconditionally interpreted these
URLs as hkp servers.

GnuPG-bug-id: 2924
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:56:33 +02:00
Justus Winter
ebb35ed711
dirmngr: Fix memory leak.
* dirmngr/http.c (parse_uri): Properly free partial results.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:49:24 +02:00
Justus Winter
3d670fa973
dirmngr: Fix memory leak.
* dirmngr/http.c (http_release_parsed_uri): Free 'params'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:49:22 +02:00
Werner Koch
5b9025cfa1
dirmngr: Allow a timeout for HTTP and other TCP connects.
* dirmngr/http.c: Include fcntl.h.
(http_session_s): Add field 'connect_timeout'.
(http_session_new): Clear that.
(http_session_set_timeout): New function.
(my_wsagetlasterror) [W32]: New.
(connect_with_timeout): New function.
(connect_server): Add arg 'timeout' and call connect_with_timeout.
(send_request): Add arg 'timeout' and pass it to connect_server.
(http_raw_connect): Add arg 'timeout'.
(http_open): Pass TIMEOUT from the session to connect_server.
--

Note that the non-blocking connect we implement is traditional a
pretty non-portable thing due to slighly different semantics.  The
code uses the strategy W. Richard Stevens suggested in 1998.
Hopefully current OS versions got it all right.

The code has not been tested on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
0d0a7efa8f dirmngr: Fix API difference for Windows.
* dirmngr/http.c (read_server, write_server): Use assuan_fd_t.
(http_wait_response): Use FD2INT to get unsigned integer fd.
(read_server, write_server): Likewise.
(simple_cookie_read, simple_cookie_write): Use assuan_fd_t.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 09:03:14 +09:00
NIIBE Yutaka
4771bad610 dirmngr: More fix for Windows.
* dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only
valid with HTTP_USE_NTBTLS.
(_my_socket_new): Simply cast to int since it's for debug.
(_my_socket_ref, _my_socket_unref): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 08:32:49 +09:00
NIIBE Yutaka
86dcb03134 dirmngr: Fix http.c for sockaddr_storage.
dirmngr/http.c (use_socks): Use sockaddr_storage.
(my_sock_new_for_addr, connect_server): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 14:46:57 +09:00
NIIBE Yutaka
6755b3b505 dirmngr: Fix type of sock.
* dirmngr/http.c (send_request): Use assuan_fd_t for SOCK.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 20:50:50 +09:00
Werner Koch
69c521df42
dirmngr: Ignore warning alerts in the GNUTLS handshake.
* dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning
alerts.
--

GnuPG-bug-id: 2833
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-17 12:50:35 +01:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Werner Koch
1890896fe6
dirmngr: Rearrange files to fix de6d831.
* dirmngr/http-common.c: New.
* dirmngr/http-common.h: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add them.
(t_http_SOURCES): Add them.
(t_ldap_parse_uri_SOURCES): Add them.
* dirmngr/misc.c (get_default_keyserver): Move to ...
* dirmngr/http-common.c: here.
* dirmngr/http.c: Include http-common.h instead of misc.h.
* dirmngr/http-ntbtls.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 18:35:03 +01:00
Werner Koch
de6d8313f6
dirmngr: Let --gpgconf-list return the default keyserver.
* dirmngr/misc.c (get_default_keyserver): New.
* dirmngr/http.c: Include misc.h
(http_session_new): Use get_default_keyserver instead of hardwired
"hkps.pool.sks-keyservers.net".
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 17:58:58 +01:00
Werner Koch
22b69b9edf
dirmngr: Add new debug flag "extprog"
* dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
* dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
(handle_connections): Use a macro instead of -1 for an invalid socket.
* dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 20:14:16 +01:00
Werner Koch
a42bf00b4e
dirmngr,w32: Make https with ntbtls work.
* dirmngr/http.c (simple_cookie_functions): New.
(send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie.
(cookie_read): Factor some code out to ...
(read_server): new.
(simple_cookie_read, simple_cookie_write) [W32]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00