author | Werner Koch <wk@gnupg.org> | 2019-11-09 11:29:59 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2019-11-09 11:29:59 +0100 |
commit | 6e1c99bc397382f1ea2ba9d61a64328410adc95f (patch) | |
tree | 500d648dee81be8d0219f611d2c69547b1c2be31 /sm | |
parent | doc: Document gpgsm's --keyserver option. (diff) | |
gpgsm: Allow sepcification of ldaps servers.
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--
There was no way to specify an LDAPS server in
dirmngr_ldapservers.conf or with gpgsm's --keyserver option. This
patch fixes this. Eventually we should allow replacing host and port
by a partial URI in the same way ldap_initialize does it. For backward
compatibility we do not yet do that.
Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used. Thus the
patch also detects an ldaps scheme and uses this. That part has not
been tested, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'sm')
-rw-r--r-- | sm/call-dirmngr.c | 5 | ||||
-rw-r--r-- | sm/gpgsm.c | 36 | ||||
-rw-r--r-- | sm/gpgsm.h | 1 |
3 files changed, 39 insertions, 3 deletions
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index bff7dd652..f3fe1d663 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -223,8 +223,9 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
 char *pass = server->pass ? server->pass : "";
 char *base = server->base ? server->base : "";
- snprintf (line, DIM (line), "LDAPSERVER %s:%i:%s:%s:%s",
- server->host, server->port, user, pass, base);
+ snprintf (line, DIM (line), "LDAPSERVER %s:%i:%s:%s:%s:%s",
+ server->host, server->port, user, pass, base,
+ server->use_ldaps? "ldaps":"");
 assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
 /* The code below is not required because we don't return an error. */
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index f5837079d..2cd3b0c4f 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -817,9 +817,17 @@ parse_keyserver_line (char *line,
 {
 char *p;
 char *endp;
+ const char *s;
 struct keyserver_spec *server;
 int fieldno;
 int fail = 0;
+ int i;
+
+ if (!filename)
+ {
+ filename = "[cmd]";
+ lineno = 0;
+ }
 /* Parse the colon separated fields. */
 server = xcalloc (1, sizeof *server);
@@ -833,7 +841,7 @@ parse_keyserver_line (char *line,
 {
 case 1:
 if (*p)
- server->host = xstrdup (p);
+ server->host = xstrdup (p);
 else
 {
 log_error (_("%s:%u: no hostname given\n"),
@@ -868,6 +876,32 @@ parse_keyserver_line (char *line,
 server->base = xstrdup (p);
 break;
+ case 6:
+ {
+ char **flags = NULL;
+
+ flags = strtokenize (p, ",");
+ if (!flags)
+ log_fatal ("strtokenize failed: %s\n",
+ gpg_strerror (gpg_error_from_syserror ()));
+
+ for (i=0; (s = flags[i]); i++)
+ {
+ if (!*s)
+ ;
+ else if (!ascii_strcasecmp (s, "ldaps"))
+ server->use_ldaps = 1;
+ else if (!ascii_strcasecmp (s, "ldap"))
+ server->use_ldaps = 0;
+ else
+ log_info (_("%s:%u: ignoring unknown flag '%s'\n"),
+ filename, lineno, s);
+ }
+
+ xfree (flags);
+ }
+ break;
+
 default:
 /* (We silently ignore extra fields.) */
 break;
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 65fff853a..43793dcdf 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -48,6 +48,7 @@ struct keyserver_spec
 char *user;
 char *pass;
 char *base;
+ unsigned int use_ldaps:1;
 }; |
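Review bot: The LDAPSERVER command is still written into `line` with an unchecked snprintf, and the added sixth field makes truncation more likely; because the ldaps flag is the last field, a truncated line silently drops it and the server would presumably be contacted over plain LDAP. Capture the snprintf result in an int and, when it is `>= DIM (line)`, report it with `log_error` and skip the assuan_transact call rather than sending the truncated command. prepare_dirmngr starts and ends outside this hunk, so the declaration of `line` and the function's return path are not visible here.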
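Review bot: `s` and `i` are added at function scope although their only use is the new `case 6:` block in the later `@@ -868,6 +876,32 @@` hunk, where `flags` is correctly block-scoped; declaring all three inside that case block keeps the loop state next to its single use. The `filename = "[cmd]"` fallback also deserves a short comment, e.g. `/* Presumably called for the command line option rather than a config file; lineno 0 marks that.  */`, since the magic string is otherwise opaque. parse_keyserver_line continues outside this hunk.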
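Review bot: An unrecognised flag, for example a misspelling of `ldaps`, is only reported with log_info and leaves `use_ldaps` at 0, so the server is silently used over plain LDAP; for a flag that decides transport security this deserves at least `log_error`, and the message should say that the server stays on plain LDAP. If the info level is intentional for forward compatibility with future flags, a one-line comment stating that would help the next reader. The enclosing switch and parse_keyserver_line continue outside this hunk.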
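Review bot: The new bit-field `use_ldaps:1` is the only field in this struct that changes how the server is contacted, yet it carries no comment; add `/* Connect via LDAPS instead of plain LDAP.  */` next to it, and mention that the flag is set from the sixth field of the keyserver spec, since that syntax is not otherwise visible from the header.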