diff options
| author | Werner Koch <wk@gnupg.org> | 2019-11-18 18:23:04 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2019-11-18 18:26:55 +0100 |
| commit | d9c7935188483dae381c12e7eef19072bbade4b3 (patch) | |
| tree | ef9db43e7de0a46eec8216d173cfc53ab76b79ff /g10 | |
| parent | dirmngr: Forward http redirect warnings to gpg. (diff) | |
| download | gnupg2-d9c7935188483dae381c12e7eef19072bbade4b3.tar.xz gnupg2-d9c7935188483dae381c12e7eef19072bbade4b3.zip | |
dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--
For example a
gpg -v --locate-external-keys dd9jn@posteo.net
now yields
gpg: Note: server uses an invalid certificate
gpg: (further info: bad cert for 'posteo.net': \
Hostname does not match the certificate)
gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
gpg: error reading key: Wrong name
(without -v the "further info" line is not shown). Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses. Anyway, this help to show the feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/call-dirmngr.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 58829c764..88fd97eb1 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -395,6 +395,7 @@ ks_status_cb (void *opaque, const char *line) gpg_error_t err = 0; const char *s, *s2; const char *warn; + int is_note = 0; if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE"))) { @@ -406,7 +407,8 @@ ks_status_cb (void *opaque, const char *line) err = gpg_error_from_syserror (); } } - else if ((s = has_leading_keyword (line, "WARNING"))) + else if ((s = has_leading_keyword (line, "WARNING")) + || (is_note = !!(s = has_leading_keyword (line, "NOTE")))) { if ((s2 = has_leading_keyword (s, "tor_not_running"))) warn = _("Tor is not running"); @@ -418,12 +420,17 @@ ks_status_cb (void *opaque, const char *line) warn = _("unacceptable HTTP redirect from server"); else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup"))) warn = _("unacceptable HTTP redirect from server was cleaned up"); + else if ((s2 = has_leading_keyword (s, "tls_cert_error"))) + warn = _("server uses an invalid certificate"); else warn = NULL; if (warn) { - log_info (_("WARNING: %s\n"), warn); + if (is_note) + log_info (_("Note: %s\n"), warn); + else + log_info (_("WARNING: %s\n"), warn); if (s2) { while (*s2 && !spacep (s2)) |