-rw-r--r--dirmngr/http.c17
-rw-r--r--dirmngr/http.h2
-rw-r--r--dirmngr/ks-engine-hkp.c1
-rw-r--r--dirmngr/ks-engine-http.c1
-rw-r--r--g10/call-dirmngr.c4
5 files changed, 24 insertions, 1 deletions
diff --git a/dirmngr/http.c b/dirmngr/http.c
index c6dc077da..56399a2f9 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -101,6 +101,7 @@
#include "../common/i18n.h"
#include "../common/sysutils.h" /* (gnupg_fd_t) */
#include "dns-stuff.h"
+#include "dirmngr-status.h" /* (dirmngr_status_printf) */
#include "http.h"
#include "http-common.h"
@@ -3634,13 +3635,23 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
* https address. */
if (info->orig_onion && !locuri->onion)
{
+ dirmngr_status_printf (info->ctrl, "WARNING",
+ "http_redirect %u"
+ " redirect from onion to non-onion address"
+ " rejected",
+ err);
http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_FORBIDDEN);
}
if (!info->allow_downgrade && info->orig_https && !locuri->use_tls)
{
+ err = gpg_error (GPG_ERR_FORBIDDEN);
+ dirmngr_status_printf (info->ctrl, "WARNING",
+ "http_redirect %u"
+ " redirect '%s' to '%s' rejected",
+ err, info->orig_url, location);
http_release_parsed_uri (locuri);
- return gpg_error (GPG_ERR_FORBIDDEN);
+ return err;
}
if (info->trust_location)
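Review bot: In the onion-to-non-onion branch, `err` is formatted into the `http_redirect %u` status line without first being set to the rejection code, whereas the downgrade branch below assigns `err = gpg_error (GPG_ERR_FORBIDDEN);` before printing. The value `err` holds at that point is set outside this hunk, presumably by an earlier successful call, so the status line may report 0 while the function returns GPG_ERR_FORBIDDEN. Mirror the second branch by adding `err = gpg_error (GPG_ERR_FORBIDDEN);` before the call and ending the branch with `return err;`. A client or log monitor that keys on the numeric code would then see rejected onion downgrades with the same code as rejected TLS downgrades.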
@@ -3720,6 +3731,10 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
http_release_parsed_uri (locuri);
if (!info->silent)
log_info (_("redirection changed to '%s'\n"), newurl);
+ dirmngr_status_printf (info->ctrl, "WARNING",
+ "http_redirect_cleanup %u"
+ " changed from '%s' to '%s'",
+ 0, info->orig_url, newurl);
}
*r_url = newurl;
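Review bot: `newurl` is placed verbatim into the `http_redirect_cleanup` status line, and the same happens with `location` in the `redirect '%s' to '%s' rejected` line of the previous hunk. Both appear to derive from the server's redirect response, so they should be treated as untrusted text. Whether dirmngr_status_printf escapes line breaks and other control characters is not visible here; confirm that it does, or percent-escape the URLs before formatting, so a hostile server cannot shape what the client parses or logs. As a smaller point, the literal passed for `%u` would read better as `0u`. The enclosing block starts outside this hunk.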
diff --git a/dirmngr/http.h b/dirmngr/http.h
index 492e86726..01546374e 100644
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@@ -32,6 +32,7 @@
#define GNUPG_COMMON_HTTP_H
#include <gpg-error.h>
+#include "../common/fwddecl.h"
struct uri_tuple_s
{
@@ -106,6 +107,7 @@ typedef struct http_context_s *http_t;
struct http_redir_info_s
{
unsigned int redirects_left; /* Number of still possible redirects. */
+ ctrl_t ctrl; /* The usual connection info or NULL. */
const char *orig_url; /* The original requested URL. */
unsigned int orig_onion:1; /* Original request was an onion address. */
unsigned int orig_https:1; /* Original request was a http address. */
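Review bot: The new `ctrl` field is documented as "or NULL", yet http_prepare_redirect now passes `info->ctrl` to dirmngr_status_printf unconditionally. That is safe only if dirmngr_status_printf accepts a NULL ctrl, which cannot be confirmed from this diff, and only if every user of `struct http_redir_info_s` zero-initialises the struct. Any caller not touched by this commit that fills the struct field by field would hand over an indeterminate pointer. Consider extending the comment to `/* The usual connection info or NULL; callers must zero the struct first. */` and checking the remaining users.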
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index f8814ecd0..653e164ea 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1215,6 +1215,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
err = http_parse_uri (&uri, request, 0);
if (err)
goto leave;
+ redirinfo.ctrl = ctrl;
redirinfo.orig_url = request;
redirinfo.orig_onion = uri->onion;
redirinfo.allow_downgrade = 1;
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index a84a3a1ea..007bbc99d 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -82,6 +82,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
err = http_parse_uri (&uri, url, 0);
if (err)
goto leave;
+ redirinfo.ctrl = ctrl;
redirinfo.orig_url = url;
redirinfo.orig_onion = uri->onion;
redirinfo.orig_https = uri->use_tls;
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 8f83c087f..58829c764 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -414,6 +414,10 @@ ks_status_cb (void *opaque, const char *line)
warn = _("Tor is not properly configured");
else if ((s2 = has_leading_keyword (s, "dns_config_problem")))
warn = _("DNS is not properly configured");
+ else if ((s2 = has_leading_keyword (s, "http_redirect")))
+ warn = _("unacceptable HTTP redirect from server");
+ else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup")))
+ warn = _("unacceptable HTTP redirect from server was cleaned up");
else
warn = NULL;
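Review bot: The `http_redirect` test comes before `http_redirect_cleanup`, so this chain is only correct if has_leading_keyword matches a whole keyword and not a bare prefix. If it were prefix-based, the cleanup branch would be unreachable and every cleanup notice would be reported as an unacceptable redirect. Testing the longer keyword first removes that dependency, or add a comment such as `/* has_leading_keyword requires a delimiter after the keyword, so order does not matter. */`. The rest of ks_status_cb, including what is done with `s2`, lies outside this hunk. The text after the keyword now carries URLs supplied by the server, so it is worth confirming that it is sanitised before being shown to the user.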