author | Werner Koch <wk@gnupg.org> | 2019-11-09 11:29:59 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2019-11-09 11:29:59 +0100 |
commit | 6e1c99bc397382f1ea2ba9d61a64328410adc95f (patch) | |
tree | 500d648dee81be8d0219f611d2c69547b1c2be31 /doc/dirmngr.texi | |
parent | doc: Document gpgsm's --keyserver option. (diff) | |
download | gnupg2-6e1c99bc397382f1ea2ba9d61a64328410adc95f.tar.xz gnupg2-6e1c99bc397382f1ea2ba9d61a64328410adc95f.zip |
gpgsm: Allow specification of ldaps servers.
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--
There was no way to specify an LDAPS server in
dirmngr_ldapservers.conf or with gpgsm's --keyserver option. This
patch fixes this. Eventually we should allow replacing host and port
by a partial URI in the same way ldap_initialize does it. For backward
compatibility we do not yet do that.
Although the dirmngr code accepts a URL (e.g. taken from a
certificate), I can't see how the scheme was ever used. Thus the
patch also detects an ldaps scheme and uses this. That part has not
been tested, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
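A parser for the server-list line format this commit documents, hostname:port:username:password:base_dn:flags, as an added example in C. It is not GnuPG's ldapserver_parse_one or its struct ldap_server_s; only the field order, the colon and comma delimiters and the ldaps flag come from the commit. The struct name, the field widths, the -1/-2 return codes, the port range check and the sample lines are assumptions made for this example. It treats the flags field as optional so that old five-field lines still parse, and it counts unknown flags instead of dropping them, because a misspelled ldaps would otherwise fall back to a cleartext connection without any diagnostic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parsed form of one server-list line
 *   hostname:port:username:password:base_dn[:flags]
 * Added example, not GnuPG's struct ldap_server_s; the field order is the
 * one given in dirmngr.texi, the field widths are assumptions. */
struct ldap_server {
    char host[256];
    int  port;            /* 0 when the port field is empty */
    char user[256];
    char pass[256];
    char base_dn[512];
    int  use_ldaps;       /* 1 when the flags field names "ldaps" */
    int  unknown_flags;   /* number of flags that were not recognised */
};

static void copy_field(char *dst, size_t dstlen, const char *beg, const char *end)
{
    size_t n = (size_t)(end - beg);
    if (n >= dstlen)
        n = dstlen - 1;
    memcpy(dst, beg, n);
    dst[n] = '\0';
}

/* Comma-delimited flags.  Unknown ones are counted instead of silently
 * dropped: a misspelled "ldaps" would otherwise give a plaintext connection
 * while the operator believes TLS is in use. */
static void parse_flags(struct ldap_server *srv, const char *p, const char *end)
{
    while (p < end) {
        const char *comma = memchr(p, ',', (size_t)(end - p));
        const char *stop = comma ? comma : end;
        const char *q = stop;
        while (p < stop && (*p == ' ' || *p == '\t'))
            p++;
        while (q > p && (q[-1] == ' ' || q[-1] == '\t'))
            q--;
        if (q > p) {
            if (q - p == 5 && memcmp(p, "ldaps", 5) == 0)
                srv->use_ldaps = 1;
            else
                srv->unknown_flags++;
        }
        p = stop + 1;
    }
}

/* Returns 0 on success, -1 for a blank or comment line (nothing parsed),
 * -2 for a malformed line (fewer than five fields, empty host, bad port). */
int ldapserver_parse_line(const char *line, struct ldap_server *srv)
{
    const char *beg[6], *end[6], *p = line, *eol;
    size_t len;
    int n = 0;

    memset(srv, 0, sizeof *srv);
    while (*p == ' ' || *p == '\t')
        p++;
    if (*p == '\0' || *p == '#' || *p == '\n' || *p == '\r')
        return -1;
    len = strlen(p);
    while (len && (p[len - 1] == '\n' || p[len - 1] == '\r'))
        len--;
    eol = p + len;

    /* Split on ':' into at most six fields; the sixth takes the remainder.
     * Only the first five are mandatory, so five-field lines still parse. */
    while (n < 6) {
        const char *colon = n < 5 ? memchr(p, ':', (size_t)(eol - p)) : NULL;
        beg[n] = p;
        end[n] = colon ? colon : eol;
        n++;
        if (!colon)
            break;
        p = colon + 1;
    }
    if (n < 5)
        return -2;

    copy_field(srv->host, sizeof srv->host, beg[0], end[0]);
    if (srv->host[0] == '\0')
        return -2;
    if (end[1] > beg[1]) {
        char buf[16], *tail;
        long port;
        copy_field(buf, sizeof buf, beg[1], end[1]);
        port = strtol(buf, &tail, 10);
        if (*tail != '\0' || port < 1 || port > 65535)
            return -2;
        srv->port = (int)port;
    }
    copy_field(srv->user, sizeof srv->user, beg[2], end[2]);
    copy_field(srv->pass, sizeof srv->pass, beg[3], end[3]);
    copy_field(srv->base_dn, sizeof srv->base_dn, beg[4], end[4]);
    if (n == 6)
        parse_flags(srv, beg[5], end[5]);
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not taken from any real configuration. */
    static const char *const sample[] = {
        "# servers for the example.org CA",
        "ldap.example.org:389:::dc=example,dc=org",
        "ldap.example.org:636:cn=reader,dc=example,dc=org:secret:dc=example,dc=org:ldaps",
        "ldap.example.org:636:::dc=example,dc=org:ldap,tls",
    };
    size_t i;
    for (i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        struct ldap_server srv;
        int rc = ldapserver_parse_line(sample[i], &srv);
        if (rc == -1)
            continue;
        if (rc < 0) {
            printf("line %zu: malformed\n", i + 1);
            continue;
        }
        printf("line %zu: %s:%d %s%s\n", i + 1, srv.host, srv.port,
               srv.use_ldaps ? "ldaps" : "PLAINTEXT",
               srv.unknown_flags ? " (unknown flags ignored!)" : "");
    }
    return 0;
}
```

The last sample line is the case the documented "unknown flags are ignored" rule makes dangerous: port 636 and a flag that looks like it asks for TLS, yet the parsed entry is a plaintext server. Reporting unknown_flags lets a caller log that instead of connecting in the clear.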
Diffstat (limited to 'doc/dirmngr.texi')
-rw-r--r-- | doc/dirmngr.texi | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index c841de77e..a6fafbb14 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -406,10 +406,14 @@ client for its session. The default value for @var{file} is This server list file contains one LDAP server per line in the format -@sc{hostname:port:username:password:base_dn} +@sc{hostname:port:username:password:base_dn:flags} Lines starting with a @samp{#} are comments. +The only defined flag is @code{ldaps} to specify that a TLS +connections shall be used. Flags are comma delimited; unknown flags +are ignored. + Note that as usual all strings entered are expected to be UTF-8 encoded. Obviously this will lead to problems if the password has originally been encoded as Latin-1. There is no other solution here than to put such a |
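Review bot: "unknown flags are ignored" in the new paragraph documents a silent failure that matters for this feature: a line whose sixth field misspells ldaps (or uses something like "tls") is accepted and then used in the clear, with nothing telling the operator that the TLS request was dropped. Either have ldapserver_parse_one log a warning for an unrecognised flag and say so here, or at least word the sentence so the risk is visible. Two smaller points in the same hunk: the flags field should be stated to be optional, since the commit message promises that existing five-field lines keep working and the new format line "@sc{hostname:port:username:password:base_dn:flags}" reads as if all six are required; and "a TLS connections shall be used" should be singular and should say what the flag actually selects (the commit calls the wrapper with --tls, but the doc does not say whether this is TLS on connect as with an ldaps:// URL or STARTTLS, nor whether the port default changes).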