diff options
| author | David Shaw <dshaw@jabberwocky.com> | 2005-02-12 04:15:02 +0100 |
|---|---|---|
| committer | David Shaw <dshaw@jabberwocky.com> | 2005-02-12 04:15:02 +0100 |
| commit | 2833a0eadcc5e95d164974afddb421afcff3bca9 (patch) | |
| tree | f18c33d1f4b9d4eb1da58d26cea832515fba3c81 /keyserver | |
| parent | * curl-shim.h, curl-shim.c: New. This is code to fake the curl API in (diff) | |
| download | gnupg2-2833a0eadcc5e95d164974afddb421afcff3bca9.tar.xz gnupg2-2833a0eadcc5e95d164974afddb421afcff3bca9.zip | |
* curl-shim.c (curl_easy_perform): Fix compile warning.
* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
ca-cert-file option, to pass in the SSL cert.
Diffstat (limited to 'keyserver')
| -rw-r--r-- | keyserver/ChangeLog | 5 | ||||
| -rw-r--r-- | keyserver/curl-shim.c | 2 | ||||
| -rw-r--r-- | keyserver/curl-shim.h | 3 | ||||
| -rw-r--r-- | keyserver/gpgkeys_curl.c | 24 | ||||
| -rw-r--r-- | keyserver/gpgkeys_ldap.c | 35 |
5 files changed, 67 insertions, 2 deletions
diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog index 0a0ab1ac5..5734e0c9b 100644 --- a/keyserver/ChangeLog +++ b/keyserver/ChangeLog @@ -1,5 +1,10 @@ 2005-02-11 David Shaw <dshaw@jabberwocky.com> + * curl-shim.c (curl_easy_perform): Fix compile warning. + + * curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add + ca-cert-file option, to pass in the SSL cert. + * curl-shim.h, curl-shim.c: New. This is code to fake the curl API in terms of the current HTTP iobuf API. diff --git a/keyserver/curl-shim.c b/keyserver/curl-shim.c index 623d685f7..088d65fc2 100644 --- a/keyserver/curl-shim.c +++ b/keyserver/curl-shim.c @@ -129,7 +129,7 @@ CURLcode curl_easy_perform(CURL *curl) } else { - size_t maxlen=1024,buflen,len; + unsigned int maxlen=1024,buflen,len; byte *line=NULL; while((len=iobuf_read_line(curl->hd.fp_read,&line,&buflen,&maxlen))) diff --git a/keyserver/curl-shim.h b/keyserver/curl-shim.h index eb91af33d..906d4345c 100644 --- a/keyserver/curl-shim.h +++ b/keyserver/curl-shim.h @@ -42,7 +42,8 @@ typedef enum CURLOPT_STDERR, CURLOPT_VERBOSE, CURLOPT_SSL_VERIFYPEER, - CURLOPT_PROXY + CURLOPT_PROXY, + CURLOPT_CAINFO } CURLoption; typedef size_t (*write_func)(char *buffer,size_t size, diff --git a/keyserver/gpgkeys_curl.c b/keyserver/gpgkeys_curl.c index 7c3dcb3c7..c2d51f2ee 100644 --- a/keyserver/gpgkeys_curl.c +++ b/keyserver/gpgkeys_curl.c @@ -158,6 +158,7 @@ main(int argc,char *argv[]) char *thekey=NULL; unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT; long follow_redirects=5,debug=0,check_cert=1; + char *ca_cert_file=NULL; console=stderr; @@ -344,6 +345,26 @@ main(int argc,char *argv[]) else check_cert=1; } + else if(strncasecmp(start,"ca-cert-file",12)==0) + { + if(no) + { + free(ca_cert_file); + ca_cert_file=NULL; + } + else if(start[12]=='=') + { + free(ca_cert_file); + ca_cert_file=strdup(&start[13]); + if(!ca_cert_file) + { + fprintf(console,"gpgkeys: out of memory while creating " + "ca_cert_file\n"); + ret=KEYSERVER_NO_MEMORY; + goto fail; + } + } + } continue; } @@ -406,6 +427,9 @@ main(int argc,char *argv[]) curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert); + if(ca_cert_file) + curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file); + if(proxy[0]) curl_easy_setopt(curl,CURLOPT_PROXY,proxy); diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c index d6b280a62..94c6fb626 100644 --- a/keyserver/gpgkeys_ldap.c +++ b/keyserver/gpgkeys_ldap.c @@ -1549,6 +1549,7 @@ main(int argc,char *argv[]) int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1; struct keylist *keylist=NULL,*keyptr=NULL; unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT; + char *ca_cert_file=NULL; console=stderr; @@ -1776,6 +1777,26 @@ main(int argc,char *argv[]) else if(start[7]=='\0') timeout=DEFAULT_KEYSERVER_TIMEOUT; } + else if(strncasecmp(start,"ca-cert-file",12)==0) + { + if(no) + { + free(ca_cert_file); + ca_cert_file=NULL; + } + else if(start[12]=='=') + { + free(ca_cert_file); + ca_cert_file=strdup(&start[13]); + if(!ca_cert_file) + { + fprintf(console,"gpgkeys: out of memory while creating " + "ca_cert_file\n"); + ret=KEYSERVER_NO_MEMORY; + goto fail; + } + } + } continue; } @@ -1787,6 +1808,20 @@ main(int argc,char *argv[]) return KEYSERVER_INTERNAL_ERROR; } +#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE) + if(ca_cert_file) + { + err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file); + if(err!=LDAP_SUCCESS) + { + fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n", + ldap_err2string(err)); + ret=KEYSERVER_INTERNAL_ERROR; + goto fail; + } + } +#endif /* HAVE_LDAP_SET_OPTION && LDAP_OPT_X_TLS_CACERTFILE */ + /* SSL trumps TLS */ if(use_ssl) use_tls=0; |