dirmngr: Support https for KS_FETCH.

* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
* dirmngr/misc.c (cert_log_cb): here.
* dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
and https.
--

Note that this requires that the root certificates are registered using
the --hkp-cacert option.  Eventually we may introduce a separate
option to allow using different CAs for KS_FETCH and keyserver based
requests.

1 files changed, 0 insertions, 34 deletions

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 762ab4ab0..12b1778c6 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -880,40 +880,6 @@ ks_hkp_housekeeping (time_t curtime)
 }
 
 
-/* Callback to print infos about the TLS certificates.  */
-static void
-cert_log_cb (http_session_t sess, gpg_error_t err,
-             const char *hostname, const void **certs, size_t *certlens)
-{
-  ksba_cert_t cert;
-  size_t n;
-
-  (void)sess;
-
-  if (!err)
-    return; /* No error - no need to log anything  */
-
-  log_debug ("expected hostname: %s\n", hostname);
-  for (n=0; certs[n]; n++)
-    {
-      err = ksba_cert_new (&cert);
-      if (!err)
-        err = ksba_cert_init_from_mem (cert, certs[n], certlens[n]);
-      if (err)
-        log_error ("error parsing cert for logging: %s\n", gpg_strerror (err));
-      else
-        {
-          char textbuf[20];
-          snprintf (textbuf, sizeof textbuf, "server[%u]", (unsigned int)n);
-          dump_cert (textbuf, cert);
-        }
-
-      ksba_cert_release (cert);
-    }
-}
-
-
-
 /* Send an HTTP request.  On success returns an estream object at
    R_FP.  HOSTPORTSTR is only used for diagnostics.  If HTTPHOST is
    not NULL it will be used as HTTP "Host" header.  If POST_CB is not