| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (send_request): Print TLS alert info
(connect_server): Detect bogus DNS entry.
--
1. Prints the TLS alert description.
2. Detect case where the DNS returns an IP address but the server is
not reachable at this address. This may happen for a server which
is reachable only at IPv6 but but the local machine has no full
IPv6 configuration.
|
| |
|
|
|
|
|
| |
* common/http.c (write_server) [W32]: Rework to use send() instead of
write even when build with npth.
(cookie_read) [W32]: Rework to use recv() instead of read even when
build with npth.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--
This is only the configure stuff. If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
|
| |
|
|
|
|
|
|
|
|
| |
* common/http.c (http_session_ref): Allow for NULL arg.
--
We always test for a an existing session and thus passing NULL as
session object should be allowed.
Reported-by: Jens Lechtenboerger
|
| |
|
|
|
|
|
|
|
|
| |
* configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
(GPGRT_ENABLE_ES_MACROS): Define.
(estream_INIT): Remove.
* m4/estream.m4: Remove.
* common/estream-printf.c, common/estream-printf.h: Remove.
* common/estream.c, common/estream.h: Remove.
* common/init.c (_init_common_subsystems): Call gpgrt initialization.
|
| |
|
|
|
| |
* common/http.c (send_gnutls_bye): Take care of EAGAIN et al.
(http_verify_server_credentials): Print a human readable status.
|
| |
|
|
|
|
| |
* common/http.c (http_session_s): Add field cert_log_cb.
(http_session_set_log_cb): New.
(http_verify_server_credentials): Call callback.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost. If given, use HTTPHOST instead of
SERVER. Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
message.
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_session_t): Add field "refcount".
(_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
(send_request, my_npth_read, my_npth_write): Use SOCK object for the
transport ptr.
(http_session_release): Factor all code out to ...
(session_unref): here. Deref SOCK.
(http_session_new): Init refcount and transport ptr.
(http_session_ref): New. Ref and unref all assignments.
--
Having the reference counted session objects makes it easier for the
application to pass around only an estream. Without that the
application would need to implement an es_onclose machinery for the
session object.
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_parse_uri): Factor code out to ...
(parse_uri): here. Add arg FORCE_TLS.
(do_parse_uri): Ditto. Implement flag.
(http_get_tls_info): New.
(http_register_tls_ca): Allow clearing of the list.
(send_request): Use a default verification function.
* common/http.h (HTTP_FLAG_FORCE_TLS): New.
* common/t-http.c (main): Add several command line options.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (NEED_GNUTLS_VERSION): New.
(HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.
* common/http.h (http_session_t): New.
* common/http.c: Remove compatibility for gnutls < 3.0.
(http_session_s): New.
(cookie_s): Replace gnutls_session_t by http_session_t.
(tls_callback, tls_ca_certlist): New variables.
(my_socket_unref): Add preclose args.
(my_npth_read, my_npth_write): New.
(make_header_line): Fix bug using int* instead of char*.
(http_register_tls_callback): New.
(http_register_tls_ca): New.
(http_session_new): New.
(http_session_release): New.
(http_get_header_names): New.
(escape_data): Add hack to escape in forms mode.
(send_request) [HTTP_USE_GNUTLS]: Support SNI.
(send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
(send_gnutls_bye): New.
(cookie_close): Make use of preclose feature.
(http_verify_server_credentials): New.
(main) [TEST]: Remove test code.
* common/t-http.c: New.
* common/tls-ca.pem: New.
* common/Makefile.am (tls_sources): New. Move http code to here.
(libcommontls_a_SOURCES): New.
(libcommontlsnpth_a_SOURCES): New.
(EXTRA_DIST): Add tls-ca.pem
(module_maint_tests): Add t-http.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
* dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
--
This new TLS API for http.c is much more flexible than the crude old
hack.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (HAVE_NPTH): New ac_define.
* common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
* common/http.c: Ditto. Replace remaining calls to pth by npth calls.
(connect_server): Remove useless _().
* common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
* common/init.c (_init_common_subsystems): Remove call to pth_init.
* common/sysutils.c (gnupg_sleep): Use npth_sleep.
* scd/ccid-driver.c (my_sleep): Ditto.
--
USE_NPTH is used in case were we may build with and without nPth. The
missing definition HAVE_NPTH didn't allowed us to build outher sources
with nPTh support.
|
| |
|
|
|
|
|
|
|
| |
* common/http.c (connect_server): Handle the new flags.
* common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New.
* dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags.
(make_host_part): Ditto.
(send_request): Add arg httpflags.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
|
| |
|
|
|
| |
* common/http.h (struct parsed_uri_t): Add field v6lit.
* common/http.c (do_parse_uri): Set v6lit.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having the LGPL on the common GnuPG code helps to share code
between GnuPG and related projects (like GPGME and Libassuan). This
is good for interoperability and to reduces bugs.
* common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
* common/b64enc.c, common/convert.c, common/dns-cert.c
* common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
* common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
* common/helpfile.c, common/homedir.c, common/http.c, common/http.h
* common/i18n.c, common/init.c, common/init.h, common/iobuf.c
* common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
* common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
* common/percent.c, common/pka.c, common/pka.h, common/session-env.c
* common/session-env.h, common/sexp-parse.h, common/sexputil.c
* common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
* common/ssh-utils.h, common/sysutils.c, common/sysutils.h
* common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
* common/userids.c, common/userids.h, common/xasprintf.c: Change
license to LGPLv3+/GPLv2+/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/dns-cert.h (get_dns_cert): Remove macro.
* common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace
arg ERRSOURCE by global DEFAULT_ERRSOURCE.
* common/http.h (http_parse_uri, http_raw_connect, http_open)
(http_open_document, http_wait_response): Remove macros.
* common/http.c (_http_parse_uri, _http_raw_connect, _http_open)
(_http_open_document, _http_wait_response): Remove underscore from
symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
* common/ssh-utils.h (ssh_get_fingerprint)
(ssh_get_fingerprint_string): Remove macros.
* common/ssh-utils.h (_ssh_get_fingerprint)
(_ssh_get_fingerprint_string): Remove underscore from symbols.
Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
* common/tlv.h (parse_ber_header, parse_sexp): Remove macros.
* common/tlv.c: Include util.h.
(_parse_ber_header, _parse_sexp): Remove underscore from symbols.
Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Don't check for PTH but for NPTH.
(AH_BOTTOM): Remove PTH_SYSCALL_SOFT.
(have_pth): Rename to ...
(have_npth): ... this.
(USE_GNU_NPTH): Rename to ...
(USE_GNU_PTH): ... this.
* m4/npth.m4: New file.
* agent/Makefile.am, agent/cache.c, agent/call-pinentry.c,
agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c,
agent/trustlist.c, common/Makefile.am, common/estream.c,
common/exechelp-posix.c, common/exechelp-w32.c,
common/exechelp-w32ce.c, common/http.c, common/init.c,
common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c,
dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c,
dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am,
g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am,
scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c,
scd/scdaemon.c, tools/Makefile.am: Port to npth.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The basic network code from http.c is used for finger. This keeps the
network related code at one place and we are able to use the somewhat
matured code form http.c. Unfortunately I had to enhance the http
code for more robustness and probably introduced new bugs.
Test this code using
gpg --fetch-key finger:[email protected]
(I might be the last user of finger ;-)
|
| |
|
|
|
|
|
|
| |
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
A couple of forward ported changes.
Doc updates.
|
| |
|
|
|
| |
tests show that it works on W32.
|
| | |
|
| |
|
|
|
| |
Ported gpgtar to W32.
|
| |
|
|
|
| |
descriptors.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
sufficient to turn the feature on. (http_open): From here.
(http_document): And here.
* gpgkeys_hkp.c (srv_replace): New function to transform a SRV
hostname to a real hostname. (main): Call it from here for the
HAVE_LIBCURL case (without libcurl is handled via the curl-shim).
* curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): Add
a CURLOPT_SRVTAG_GPG_HACK (passed through the the http engine).
|
| |
|
|
|
| |
RFC-2732. Adapted from patch by Phil Pennock.
|
| | |
|
| | |
|
| |
|
|
|
| |
Removed intl/.
|
| |
|
|
|
| |
See the ChangeLogs for details.
|
| |
|
|
|
|
|
| |
This is mainly source code reorganization.
Update gnulib.
g10/ does currently not build.
|
| |
|
|
|
|
|
| |
* http.c (do_parse_uri): Remove the hkp port 11371 detection. We
implement hkp in the keyserver handler, and the support here makes it
appear like a bad hkp request actually succeeded.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
dirmngr package.
|
| |
|
|
|
| |
shows no prblems. Needs more testing of course.
|
| | |
|
|
|
Added support for estream and gnutls.
|
