summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Shaw <dshaw@jabberwocky.com>2009-05-11 05:52:34 +0200
committerDavid Shaw <dshaw@jabberwocky.com>2009-05-11 05:52:34 +0200
commita0627f5a2248ef8ac51992cd7997ce590da63af7 (patch)
tree5b5283a4b28354916b3c2f50f585c1006230768f
parentFrom 1.4: (diff)
downloadgnupg2-a0627f5a2248ef8ac51992cd7997ce590da63af7.tar.xz
gnupg2-a0627f5a2248ef8ac51992cd7997ce590da63af7.zip
* gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main): Add
support for SSLized HKP.
-rw-r--r--keyserver/ChangeLog5
-rw-r--r--keyserver/gpgkeys_hkp.c57
2 files changed, 39 insertions, 23 deletions
diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog
index 85eab3c89..2b403379d 100644
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@@ -1,7 +1,10 @@
2009-05-10 David Shaw <dshaw@jabberwocky.com>
From 1.4:
-
+
+ * gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main):
+ Add support for SSLized HKP.
+
* curl-shim.h (curl_version): No need to provide a version for
curl-shim as it always matches the GnuPG version.
diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c
index 3a4e57634..ef6fd7cb4 100644
--- a/keyserver/gpgkeys_hkp.c
+++ b/keyserver/gpgkeys_hkp.c
@@ -1,6 +1,6 @@
/* gpgkeys_hkp.c - talk to an HKP keyserver
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007
- * 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -53,6 +53,7 @@ static FILE *input,*output,*console;
static CURL *curl;
static struct ks_options *opt;
static char errorbuffer[CURL_ERROR_SIZE];
+static char *proto,*port;
static size_t
curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream)
@@ -181,13 +182,10 @@ send_key(int *r_eof)
strcpy(key,"keytext=");
strcat(key,encoded_key);
- strcpy(request,"http://");
+ strcpy(request,proto);
strcat(request,opt->host);
strcat(request,":");
- if(opt->port)
- strcat(request,opt->port);
- else
- strcat(request,"11371");
+ strcat(request,port);
strcat(request,opt->path);
/* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL,
including any supplied path. The 15 covers /pks/add. */
@@ -248,13 +246,10 @@ get_key(char *getkey)
return KEYSERVER_NOT_SUPPORTED;
}
- strcpy(request,"http://");
+ strcpy(request,proto);
strcat(request,opt->host);
strcat(request,":");
- if(opt->port)
- strcat(request,opt->port);
- else
- strcat(request,"11371");
+ strcat(request,port);
strcat(request,opt->path);
/* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL,
including any supplied path. The 60 overcovers this /pks/... etc
@@ -329,13 +324,10 @@ get_name(const char *getkey)
fprintf(output,"NAME %s BEGIN\n",getkey);
- strcpy(request,"http://");
+ strcpy(request,proto);
strcat(request,opt->host);
strcat(request,":");
- if(opt->port)
- strcat(request,opt->port);
- else
- strcat(request,"11371");
+ strcat(request,port);
strcat(request,opt->path);
append_path(request,"/pks/lookup?op=get&options=mr&search=");
strcat(request,searchkey_encoded);
@@ -415,13 +407,10 @@ search_key(const char *searchkey)
fprintf(output,"SEARCH %s BEGIN\n",searchkey);
- strcpy(request,"http://");
+ strcpy(request,proto);
strcat(request,opt->host);
strcat(request,":");
- if(opt->port)
- strcat(request,opt->port);
- else
- strcat(request,"11371");
+ strcat(request,port);
strcat(request,opt->path);
append_path(request,"/pks/lookup?op=index&options=mr&search=");
@@ -628,6 +617,27 @@ main(int argc,char *argv[])
}
}
+ if(!opt->scheme)
+ {
+ fprintf(console,"gpgkeys: no scheme supplied!\n");
+ ret=KEYSERVER_SCHEME_NOT_FOUND;
+ goto fail;
+ }
+
+ if(ks_strcasecmp(opt->scheme,"hkps")==0)
+ {
+ proto="https://";
+ port="443";
+ }
+ else
+ {
+ proto="http://";
+ port="11371";
+ }
+
+ if(opt->port)
+ port=opt->port;
+
if(!opt->host)
{
fprintf(console,"gpgkeys: no keyserver host provided\n");
@@ -661,6 +671,9 @@ main(int argc,char *argv[])
curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
}
+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
+ curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+
if(proxy)
curl_easy_setopt(curl,CURLOPT_PROXY,proxy);