-rw-r--r--dirmngr/ks-engine-ldap.c8
-rw-r--r--doc/gpg.texi4
-rw-r--r--g10/import.c12
-rw-r--r--g10/keyserver.c15
-rw-r--r--g10/options.h3
5 files changed, 37 insertions, 5 deletions
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 52a14a11c..67c456ce3 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -964,7 +964,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
{
/* The ordering is significant. Specifically, "pgpcertid" needs
to be the second item in the list, since everything after it
- may be discarded we aren't in verbose mode. */
+ may be discarded if we aren't in verbose mode. */
char *attrs[] =
{
"dummy",
@@ -1014,6 +1014,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
/* The set of entries that we've seen. */
strlist_t seen = NULL;
LDAPMessage *each;
+ int anykey = 0;
for (npth_unprotect (),
each = ldap_first_entry (ldap_conn, message),
@@ -1066,6 +1067,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
es_fprintf (fp, "\nKEY 0x%s END\n", certid[0]);
ldap_value_free (vals);
+ anykey = 1;
}
}
}
@@ -1077,6 +1079,10 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
if (! fp)
err = gpg_error (GPG_ERR_NO_DATA);
+
+ if (!err && anykey)
+ err = dirmngr_status_printf (ctrl, "SOURCE", "%s://%s",
+ uri->scheme, uri->host? uri->host:"");
}
}
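Review bot: The `SOURCE` status line added at the end of this hunk is now an input to an import-policy decision, and nothing at the call says so. In the same commit, g10/keyserver.c matches an `ldap:` / `ldaps:` prefix on its `source` string to decide whether IMPORT_SELF_SIGS_ONLY is dropped, so a later change to the `"%s://%s"` format or to the scheme spelling would silently change what gpg filters. A short comment above the call would pin that contract, for example `/* gpg keys its import filtering on the scheme prefix of this line; keep the format stable. */`. The body of ks_ldap_get starts and ends outside the hunk.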
diff --git a/doc/gpg.texi b/doc/gpg.texi
index e94edde22..9f2a62d0e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2010,7 +2010,9 @@ are available for all keyserver types, some common options are:
@end table
The default list of options is: "self-sigs-only, import-clean,
-repair-keys, repair-pks-subkey-bug, export-attributes".
+repair-keys, repair-pks-subkey-bug, export-attributes". However, if
+the actual used source is an LDAP server "no-self-sigs-only" is
+assumed unless "self-sigs-only" has been explictly configured.
@item --completes-needed @var{n}
diff --git a/g10/import.c b/g10/import.c
index 8e82edec1..62ee2a46e 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -225,8 +225,20 @@ parse_import_options(char *str,unsigned int *options,int noisy)
{NULL,0,NULL,NULL}
};
int rc;
+ int saved_self_sigs_only;
+
+ /* We need to set a flag indicating wether the user has set
+ * IMPORT_SELF_SIGS_ONLY or it came from the default. */
+ saved_self_sigs_only = (*options & IMPORT_SELF_SIGS_ONLY);
+ saved_self_sigs_only &= ~IMPORT_SELF_SIGS_ONLY;
rc = parse_options (str, options, import_opts, noisy);
+
+ if (rc && (*options & IMPORT_SELF_SIGS_ONLY))
+ opt.flags.expl_import_self_sigs_only = 1;
+ else
+ *options |= saved_self_sigs_only;
+
if (rc && (*options & IMPORT_RESTORE))
{
/* Alter other options we want or don't want for restore. */
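Review bot: The two added lines that compute `saved_self_sigs_only` leave it always zero, because the second one clears the bit in the saved copy instead of in `*options`. If `*options` already carries IMPORT_SELF_SIGS_ONLY from the default, the bit survives `parse_options`, so `opt.flags.expl_import_self_sigs_only` is set on any successful parse that does not negate it, and the `else` branch restores nothing. This errs on the restrictive side, since the LDAP exception in g10/keyserver.c would then never apply, but the flag no longer means "set by the user". The second line presumably should be `*options &= ~IMPORT_SELF_SIGS_ONLY;`. The function body continues outside the hunk.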
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 0b3718050..c4a1d5e19 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1740,9 +1740,12 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
if (opt.verbose && source)
log_info ("data source: %s\n", source);
+
+
if (!err)
{
struct ks_retrieval_screener_arg_s screenerarg;
+ unsigned int options;
/* FIXME: Check whether this comment should be moved to dirmngr.
@@ -1756,12 +1759,18 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
never accept or send them but we better protect against rogue
keyservers. */
+ /* For LDAP servers we reset IMPORT_SELF_SIGS_ONLY unless it has
+ * been set explicitly. */
+ options = (opt.keyserver_options.import_options | IMPORT_NO_SECKEY);
+ if (source && (!strncmp (source, "ldap:", 5)
+ || !strncmp (source, "ldaps:", 6))
+ && !opt.flags.expl_import_self_sigs_only)
+ options &= ~IMPORT_SELF_SIGS_ONLY;
+
screenerarg.desc = desc;
screenerarg.ndesc = *r_ndesc_used;
import_keys_es_stream (ctrl, datastream, stats_handle,
- r_fpr, r_fprlen,
- (opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY),
+ r_fpr, r_fprlen, options,
keyserver_retrieval_screener, &screenerarg,
only_fprs? KEYORG_KS : 0,
source);
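Review bot: The comment added above the `options` computation says what is reset but not why an LDAP source is exempt from IMPORT_SELF_SIGS_ONLY, even though the comment just before it talks about protecting against rogue keyservers. Since third-party signature filtering is relaxed here purely on the scheme prefix of `source`, extend the comment with one sentence stating the trust assumption behind the exemption, and one noting where `source` comes from (presumably the SOURCE status reported by dirmngr). It is also worth stating that the `strncmp` match is exact-case and limited to `ldap:` and `ldaps:`, so any other spelling keeps the filter. The hunk starts inside an existing comment and keyserver_get_chunk continues outside it.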
diff --git a/g10/options.h b/g10/options.h
index 958d3fb87..fca23cb5c 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -256,6 +256,9 @@ struct
unsigned int force_sign_key:1;
/* On key generation do not set the ownertrust. */
unsigned int no_auto_trust_new_key:1;
+ /* The next flag is set internally iff IMPORT_SELF_SIGS_ONLY has
+ * been set by the user and is not the default value. */
+ unsigned int expl_import_self_sigs_only:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local