summaryrefslogtreecommitdiffstats
path: root/dirmngr (follow)
Commit message (Collapse)AuthorAgeFilesLines
* dirmngr: Change the default keyserver.Werner Koch2021-08-244-47/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to keyserver.ubuntu.com. * dirmngr/certcache.c (cert_cache_init): Disable default pool cert. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/http.c (http_session_new): Ditto. * dirmngr/server.c (make_keyserver_item): Use a different mapping for the gnupg.net names. -- Due to the unfortunate shutdown of the keyserver pool, the long term defaults won't work anymore. Thus it is better to change them. For https access keyserver.ubuntu.com is now used because it can be expected that this server can stand the load from newer gnupg LTS versions. For http based access the Dutch Surfnet keyserver is used. However due to a non-standard TLS certificate this server can not easily be made the default for https. Note: that the default server will be changed again as soon as a new connected keyserver infrastructure has been established. (cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
* build: Simplify for string.h and getopt.h.NIIBE Yutaka2021-08-051-3/+0
| | | | | | | | | | | | | * configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h. * dirmngr/ks-engine-ldap.c: Remove including getopt.h. * tools/make-dns-cert.c: Likewise. -- Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h is only needed for getopt_long of GNU extention. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Fix regression in KS_GET for mail address pattern.Werner Koch2021-06-211-1/+39
| | | | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern. (ks_hkp_get): Allow for mail addresses. - Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail address as an exact pattern (e.g. "=foo@example.org"). Since 2.2.28 the mail address is detected gpg gpg and we see for example "<foo@example.org>". This patch fixes this to turn a mail address into an exact match again. GnuPG-bug-id: 5497 Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Fix build with --disable-ldap.NIIBE Yutaka2021-06-161-0/+2
| | | | | | | | | | | * dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]: Conditionalize. -- Reported-by: Phil Pennock Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> (cherry picked from commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083)
* dirmngr: Allow to pass no filter args to dirmngr_ldap.Werner Koch2021-06-161-5/+11
| | | | | | | | | | | * dirmngr/dirmngr_ldap.c (main): Handle no args case. -- This is required for example for CRLs. The old code did not require this because the hos was taken from the URL given has arg. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1)
* dirmngr: Rewrite the LDAP wrapper toolWerner Koch2021-06-1612-694/+1250
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ldap-misc.c: New. * dirmngr/ldap-misc.h: New. * dirmngr/ks-engine-ldap.c: Include ldap-misc.h. (ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c. * dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug mode. * dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND the saqme as GPG_ERR_NO_DATA. * dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds. Remove arg url. Adjust for changes in dirmngr_ldap. (url_fetch_ldap): Remove args host and port. Parse the URL and use these values to call run_ldap_wrapper. (attr_fetch_ldap): Pass tls flags to run_ldap_wrapper. (rfc2254_need_escape, rfc2254_escape): New. (extfilt_need_escape, extfilt_escape): New. (parse_one_pattern): Rename to ... (make_one_filter): this. Change for new dirmngr_ldap calling convention. Make issuer DN searching partly work. (escape4url, make_url): Remove. (start_cert_fetch_ldap): Change for new dirmngr_ldap calling convention. * dirmngr/dirmngr_ldap.c: Major rewrite. * dirmngr/t-ldap-misc.c: New. * dirmngr/t-support.h (DIM, DIMof): New. * dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c (module_tests) [USE_LDAP]: Add t-ldap-misc. (t_ldap_parse_uri_SOURCES): Ditto. (t_ldap_misc_SOURCES): New. -- This rewrite allows to properly handle TLS and avoids some code duplication. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 39815c023f0371dea01f7c51469b19c06ad18718)
* dirmngr: Remove useless code.Werner Koch2021-06-161-5/+0
| | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the password_param thing because we set the password directly without an intermediate var. -- Reported-by: Ingo Kloecker (cherry picked from commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3)
* dirmngr: Fix default port for our redefinition of ldaps.Werner Koch2021-06-162-31/+43
| | | | | | | | | | * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps. Move a tmpstr out of the blocks. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics. -- Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 8de9d54ac83fa20cb52b847b643311841be4d6dc)
* dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.Werner Koch2021-06-162-4/+20
| | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT. * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ... (parse_rereadable_options): here. -- Note that this has not yet been tested. In fact a test with OpenLDAP using a modified route got stuck in the connection attempt. Maybe it works on Windows - will be tested later. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 317d5947b84ae2707e46b89fb0d8318c07174e13)
* dirmngr: New option --ldapserverWerner Koch2021-06-163-6/+91
| | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (opts): Add option --ldapserver. (ldapserver_list_needs_reset): New var. (parse_rereadable_options): Implement option. (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used. * dirmngr/server.c (cmd_ldapserver): Add option --clear and list configured servers if none are given. -- This option allows to specify LDAP keyserver in dirmngr instead of using gpgsm.conf. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit ff17aee5d10c8c5ab902253fb4332001c3fc3701)
* dirmngr: Allow for non-URL specified ldap keyservers.Werner Koch2021-06-167-168/+367
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ldapserver): Strip an optional prefix. (make_keyserver_item): Handle non-URL ldap specs. * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls, ldap_over_tls, and ntds. * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host string. Improve error messages for the non-file case. Support flags. * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs. (ks_action_search, ks_action_get, ks_action_put): Ditto. * dirmngr/ks-engine-ldap.c: Include ldapserver.h. (ks_ldap_help): Handle non-URL ldap specs. (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support URLs and non-URL specified keyservers. (ks_ldap_get): Adjust for changes in my_ldap_connect. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. -- The idea here is to unify our use of URLS or colon delimited ldap keyserver specification. The requirement for percent escaping, for example the bindname in an URLs, is cumbersome and prone to errors. This we allow our classic colon delimited format as an alternative. That format makes it also easy to specify flags to tell dirmngr whether to use starttls or ldap-over-tls. The code is nearly 100% compatible to existing specification. There is one ambiguity if the hostname for CRL/X509 searches is just "ldap"; this can be solved by prefixing it with "ldap:" (already implemented in gpgsm). GnuPG-bug-id: 5405, 5452 Ported-from: 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
* dirmngr: Support pseudo URI scheme "opaque".Werner Koch2021-06-167-18/+36
| | | | | | | | | | | | | | | * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New. * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers to use the new macro for better readability. (do_parse_uri): Add pseudo scheme "opaque". (uri_query_value): New. -- This scheme can be used to convey arbitrary strings in a parsed_uri_t object. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 72124fadafde153f8ac89a70202006d831829d06)
* dirmgr: Avoid double freeJakub Jelen2021-05-202-3/+1
| | | | | | | | | | * dirmgr/http.c (http_prepare_redirect): Avoid double free * dirmgr/ocsp.c (check_signature): Initialize pointer -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> GnuPG-bug-id: 5393
* dirmgr: clean up memory on error code pathsJakub Jelen2021-05-204-6/+16
| | | | | | | | | | | | * dirmgr/crlcache.c (finish_sig_check): goto leave instead of return * dirmgr/http.c (send_request): free authstr and proxy_authstr * dirmgr/ldap.c (start_cert_fetch_ldap): free proxy * dirmgr/ocsp.c (check_signature): release s_hash -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> GnuPG-bug-id: 5393
* dirmngr: For KS_SEARCH return the fingerprint also with LDAP.Werner Koch2021-05-191-48/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if available. (ks_ldap_search): Ditto. (extract_keys): Make sure to free the ldap values also in corner cases. (my_ldap_value_free): New. (ks_ldap_get): Ditto. (ks_ldap_search): Ditto. (my_ldap_connect): Ditto. -- For background see these comments from gpgme: /* The output for external keylistings in GnuPG is different from all the other key listings. We catch this here with a special preprocessor that reformats the colon handler lines. */ /* The format is: pub:<keyid>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags> as defined in 5.2. Machine Readable Indexes of the OpenPGP HTTP Keyserver Protocol (draft). Modern versions of the SKS keyserver return the fingerprint instead of the keyid. We detect this here and use the v4 fingerprint format to convert it to a key id. We want: pub:o<flags>:<keylen>:<algo>:<keyid>:<creatdate>:<expdate>:::::::: */ Regarding the freeing of values: I was not able to find a specification stating it is okay to pass NULL to ldap_value_free, thus the new wrapper. Also add robustness measures in case ldap_get_value returns an empty array. GnuPG-bug-id: 5441 Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: LDAP search by a mailbox now ignores revoked keys.Werner Koch2021-05-171-1/+2
| | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked and disable keys in mail mode. -- The LDAP schema has a revoked and a disabled flag. The former will be set if a revoked key is uploaded; the latter can be set by other means. With this change a search by mailbox does not anymore return keys with these LDAP attributes set. This allows to better maintain a directory with multiple keys per mailbox. Doing the same for expired keys could also be done but requires more effort. Signed-off-by: Werner Koch <wk@gnupg.org>
* Support log-file option from common.conf for all daemon.Werner Koch2021-04-201-2/+29
| | | | | | | | | | | | | | | | * agent/gpg-agent.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * dirmngr/dirmngr.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * kbx/keyboxd.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * scd/scdaemon.c: Include comopt.h. (main): Read log-file option from common.conf. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Lookup a missing public key of the current card via LDAP.Werner Koch2021-04-163-5/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public key from the current card via LDAP. * g10/call-dirmngr.c: Include keyserver-intetnal.h. (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the new LDAP flag. * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New. Replace the use of the value 1 for the former quick arg. (KEYSERVER_IMPORT_FLAG_LDAP): New. * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line length. * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only. * dirmngr/server.c (cmd_ks_get): Add option --ldap. -- This change makes it easy to start working with gnupg: Just insert the smartcard or token provided to you and the first time you sign a message the public key associated with the current card will be imported and everything is set without any configuration. This works only with an LDAP directory because it can be expected that the public key has been put into the LDAP during card personalization. Of course an LDAP server needs to be configured; in a Windows AD domain this can be a mere "keyserver ldap:///" in dirmngr.conf. Other configured keyservers are ignored. Requirements for the card driver: The $SIGNKEYID attribute must exists and a query for the KEY-FPR attribute needs to return the OpenPGP fingerprint for that key. This is currently supported for OpenPGP cards and certain PKCS#15 cards. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Do not use self-sigs-only for LDAP keyserver imports.Werner Koch2021-04-131-1/+7
| | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status. * g10/options.h (opts): New field expl_import_self_sigs_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we can allow the import of key signature from LDAP keyservers by default. GnuPG-bug-id: 5387
* w32: Silence a compiler warning in dirmngr.cWerner Koch2021-03-151-3/+3
| | | | --
* dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.Werner Koch2021-02-172-14/+23
| | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds extension. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with hostname - which is NULL and thus the same if not given. Fix minor error in error code handling. -- Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet been officially regisetered. Thus for correctness the OID can be used: 1.3.6.1.4.1.11591.2.5 LDAP URL extensions 1.3.6.1.4.1.11591.2.5.1 gpgNtds=1 (auth. with current user) Note that the value must be 1; all other values won't enable AD authentication and are resevered for future use. This has been cherry-picked from the 2.2 branch, commit 55f46b33df08e8e0ea520ade5f73b321bc01d705 Signed-off-by: Werner Koch <wk@gnupg.org>
* Require Libgcrypt 1.9Werner Koch2021-01-192-6/+21
| | | | | | | | | | | * configure.ac: Require at least Libgcrypt 1.9.0. Remove all GCRYPT_VERSION_NUMBER dependent code. -- Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in RFC4880bis. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Do not block threads in LDAP keyserver calls.Werner Koch2020-12-181-6/+38
| | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c: Wrap some ldap calls. -- The former gpgkeys_ldap module has once been ported to dirmngr but unfortunately the dirmngr_ldap wrapper has not been used so that we have internal LDAP calls with these problems: - No usable timeouts. - On non-Windows platforms a lot of extra libs and possibly even a second copy of Libgcrypt is pulled in. - Only one threads runs at a time. This patch mitigates the last point. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: New AKL method "ntds"Werner Koch2020-12-171-6/+19
| | | | | | | | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new support for KEYDB_SEARCH_MODE_MAIL. (ks_ldap_get): Add a debug. * g10/options.h (AKL_NTDS): New. * g10/keyserver.c (keyserver_import_ntds): New. (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL. * g10/getkey.c (parse_auto_key_locate): Support "ntds". (get_pubkey_byname): Ditto.
* dirmngr: Support "ldap:///" for the current AD user.Werner Koch2020-12-173-15/+54
| | | | | | | | | | | * dirmngr/http.h (struct parsed_uri_s): Add field ad_current. * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current. -- Ported from 2.2. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Allow LDAP searches via fingerprint.Werner Koch2020-12-171-23/+41
| | | | | | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg serverinfo and allow searching by fingerprint. (ks_ldap_get, ks_ldap_search): First connect then create teh filter. -- With the new schema we can finally search by fingerprint.
* dirmngr: Store all version 2 schema attributes.Werner Koch2020-12-151-45/+85
| | | | | | | | | | * g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records. * dirmngr/ks-engine-ldap.c (extract_attributes): Add args extract-state and schemav2. Add data for the new schema version. remove the legacy code to handle UIDs in the "pub" line. (ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Support the new Active Directory schemaWerner Koch2020-12-141-106/+141
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants. (my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new serverinfo arg. Set the new info flags. (ks_ldap_get): Adjust for change. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. Replace xmalloc by xtrymalloc. Change the DN for use with NTDS (aka Active Directory). * doc/ldap/gnupg-ldap-init.ldif (pgpSoftware): Update definition of pgpVersion. * doc/ldap/gnupg-ldap-ad-init.ldif: New. * doc/ldap/gnupg-ldap-ad-schema.ldif: New. -- This is a first take on better Active Directory support. The main change for NTDS in the code is that the an top-RDN of CN is used instead of the old pgpCertID. More changes to come; for example using and storing the fingerprint. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Do not store the useless pgpSignerID in the LDAP.Werner Koch2020-12-143-10/+5
| | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the pgpSignerID. * g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records. -- The pgpSignerID has no use in the LDAP and thus don't store it. David's idea back in 2004 was /* This bit is really for the benefit of people who store their keys in LDAP servers. It makes it easy to do queries for things like "all keys signed by Isabella". */ See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5 I consider this dangerous because such a query is not able to validate the signature, does not get revocation signatures, and also has no information about the validity of the signatures. Further many keys are spammed tehse days with faked signatures and it does not make sense to blow up the LDAP with such garbage. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Fix adding keys to an LDAP server.Werner Koch2020-12-141-2/+2
| | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into addlist. -- The code used the wrong list which resulting in adding attributes marked for deletion. In particular Active Directory does not accept such an data and rejects them. The bug was introduced into 2.1 while porting the code from the old keyserver helpers to dirmngr. Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgconf: Also print revision of libksba.Werner Koch2020-11-191-3/+4
| | | | | | | | | | | | * dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty string. (gpgconf_versions): Print ksba revision. -- The latest Libksba version support retrieving of the revision (commit) id. We now use that or print a question mark. Signed-off-by: Werner Koch <wk@gnupg.org>
* w32: Replace some fopen by es_fopen.Werner Koch2020-11-111-16/+16
| | | | | | | | | | | * agent/protect-tool.c (read_file): Replace fopen by es_fopen. * dirmngr/dirmngr-client.c (read_pem_certificate): Ditto. (read_certificate): Ditto. * g10/keydb.c (rt_from_file): Ditto. * kbx/kbxutil.c (read_file): Ditto. * g10/plaintext.c (get_output_file) [__riscos__]: Remove code. Signed-off-by: Werner Koch <wk@gnupg.org>
* common: New functions gnupg_opendir et al.Werner Koch2020-10-213-19/+15
| | | | | | | | | | | * common/sysutils.h (struct gnupg_dirent_s): New. * common/sysutils.c: Include dirent.h. (struct gnupg_dir_s): New. (gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all callers of opendir, readdir, and closedir to use these functions. -- GnuPG-bug-id: 5098
* Replace all calls to stat by gnupg_stat.Werner Koch2020-10-202-2/+2
| | | | | | | | | | | * common/sysutils.c (gnupg_stat): New. * common/sysutils.h: Include sys/stat.h. -- Yet another wrapper for Unicode support on Windows. GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <wk@gnupg.org>
* Replace most calls to open by a new wrapper.Werner Koch2020-10-201-2/+2
| | | | | | | | | | | | * common/sysutils.c (any8bitchar) [W32]: New. (gnupg_open): New. Replace most calls to open by this. * common/iobuf.c (any8bitchar) [W32]: New. (direct_open) [W32]: Use CreateFileW if needed. -- This is yet another step for full Unicode support on Windows. GnuPG-bug-id: 5098
* Replace all calls to access by gnupg_accessWerner Koch2020-10-203-8/+8
| | | | | | | | | | | | | | | | * common/sysutils.c (gnupg_access): New. Replace all calls to access by this wrapper. * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 directory name. (standard_homedir): Adjust for change. (w32_commondir, gnupg_cachedir): Ditto. -- Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows. This is required to correctly handle non-ascii filenames on Windows. GnuPG-bug-id: 5098
* dirmngr: Minor cleanup for better readability.Werner Koch2020-10-053-29/+29
| | | | | | | | | | * dirmngr/ldap.c (start_default_fetch_ldap): Rename to start_cacert_fetch_ldap and remove arg attr. Instead use "cACertificate" directly. * dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller. (start_cert_fetch_ldap): Rename arg for clarity. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Add warning on the use of --add-servers.Werner Koch2020-10-051-1/+6
| | | | | * tools/gpgconf-comp.c (known_options_dirmngr): Degrade add-servers to expert mode.
* gpgconf: New option --show-versions.Werner Koch2020-10-021-1/+67
| | | | | | | | | | | | | | | | | | | * tools/gpgconf.c: Include exechelp.h. New option --show-versions. (get_revision_from_blurb): New. (show_version_gnupg): New. (show_version_libgcrypt): New. (show_version_gpgrt): New. (show_versions_via_dirmngr): New. (show_versions): New. * tools/gpgconf-comp.c (GPGNAME): Remove unused macro. * dirmngr/dirmngr.c (main): New internal option --gpgconf-versions. (get_revision_from_blurb): New. (gpgconf_versions): New. -- This option should be helpful to gather information for debugging. Signed-off-by: Werner Koch <wk@gnupg.org>
* common,agent,dirmngr,g10,tools: Fix split_fields API.NIIBE Yutaka2020-09-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * common/stringhelp.h (split_fields): Use const * for the strings in the ARRAY. (split_fields_colon): Likewise. * common/stringhelp.c (split_fields, split_fields_colon): Fix the implementation. * agent/call-scd.c, agent/command.c: Follow the change. * common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise. * g10/call-agent.c, tools/card-call-scd.c: Likewise. * tools/card-yubikey.c, tools/gpg-card.c: Likewise. * tools/gpg-card.h, tools/gpg-wks-client.c: Likewise. * tools/gpgconf-comp.c, tools/gpgconf.c: Likewise. * tools/wks-util.c: Likewise. -- The strings in the ARRAY don't need to be released by caller, as those are references. It's easier to follow the code when it's explicitly const *. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg-connect-agent: Catch signals so that SIGPIPE is ignored.Werner Koch2020-09-101-1/+1
| | | | | | | | | | | | | * dirmngr/server.c (cmd_killdirmngr): Return 0. * tools/gpg-connect-agent.c (main): Catch signals. -- And we also print nicer diagnostics. The reason we need this is that for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a command to dirmngr. This may results in a SIGPIPE which in turn leads to an annoying error message from gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Fix the pool keyserver case for a single host in the pool.Werner Koch2020-09-101-1/+20
| | | | | * dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for localhost and if there is no pool.
* dirmngr: Align the gnutls use of CAs with the ntbtls code.Werner Koch2020-09-103-10/+18
| | | | | | | | | | | | | | * dirmngr/http.c (http_session_new) <gnutls>: Use only the special pool certificate for the default keyserver. -- The gnutls version uses a different strategy than the ntbtls version on when to use the special SKS pool certificate. This patch aligns it so that we don't need to wonder about different kind of bug reports. In short the special cert is now the only cert use with the default keyserver. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Print the last alert message returned by NTBTLS.Werner Koch2020-08-271-0/+8
| | | | | | * dirmngr/http.c (send_request): Print the last TLS alert. Signed-off-by: Werner Koch <wk@gnupg.org>
* build: New configure option --disable-testsWerner Koch2020-08-201-0/+4
| | | | | | | | * configure.ac: Add option --disable-tests. Print warnings in the summary. (DISABLE_TESTS): New am_conditional. -- GnuPG-bug-id: 4960
* dns: Fix memory use-after-free.NIIBE Yutaka2020-08-191-0/+6
| | | | | | | | | | * dirmngr/dns.c (dns_res_stub): Fix RESCONF usage. -- Note that this is dead code. It is for making a static analyzer happy. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Silence compiler warnings.NIIBE Yutaka2020-08-191-1/+1
| | | | | | | | | | * common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum conversion. * dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from int to float. * sm/gpgsm.c (parse_keyserver_line): Initialize ERR. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* w32: Add link to $(NETLIB) for -lws2_32.NIIBE Yutaka2020-07-301-1/+1
| | | | | | | | | | | * dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS). * sm/Makefile.am (gpgsm_LDADD): Ditto. * tools/Makefile.am (gpg_wks_client_LDADD): Ditto. -- GnuPG-bug-id: 4994 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Revert patches applied wrongly.NIIBE Yutaka2020-07-281-0/+10
| | | | | | | | | -- In the experiment for 4994, and patches were wrongly applied. Fixes-commit: 46d185f60397f68830bfdfb99627b29aea5016f1 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd: PC/SC: Don't release the context when it's in use.NIIBE Yutaka2020-07-171-10/+0
| | | | | | | | | | * scd/apdu.c (close_pcsc_reader): Check if it's not in the loop. -- GnuPG-bug-id: 4998 Reported-by: Kevin Locke Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 08:44:45 +0100