aboutsummaryrefslogtreecommitdiffstats
path: root/dirmngr (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* dirmngr: Factor out interrogate_ldap_dn function.NIIBE Yutaka2022-09-261-66/+69
| | | | | | | | | * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New. -- GnuPG-bug-id: 6047 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix CRL DP error fallback to other schemes.Werner Koch2022-09-161-28/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop. Remove the unused issuername_uri stuff. -- It is quite common that LDAP servers are blocked and thuis the HTTP access point should be used instead. This worked well for certificates where the DP are given in this form: crlDP: ldap://x500.bund.de/[...] http://x500.bund.de/[...] issuer: none but it failed for this form crlDP: ldap://x500.bund.de/[...] issuer: none crlDP: http://x500.bund.de/[...] issuer: none because the LAST_ERR thing terminated the outer loop. This pacth fixes this and also cleans up the code to be more robust. Note that the common workaround of using --ignore-ldap-dp will now only be needed if the firewall uses packet dropping instead of proper ICMP rejects.
* dirmngr:dns,doc,gpg: Fix for noreturn for C11.NIIBE Yutaka2022-09-161-1/+1
| | | | | | | | | | | * dirmngr/dns.c: Use __noreturn__. * doc/yat2m.c: Likewise. * g10/main.h: Likewise. -- GnuPG-bug-id: 4002 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix for USE_LDAP.NIIBE Yutaka2022-09-142-0/+7
| | | | | | | | | | * dirmngr/ks-action.c [USE_LDAP] (ks_action_help): Recover variables. * dirmngr/server.c [USE_LDAP] (dirmngr/server.c): Likewise. -- Fixes-commit: 3d7dbf16618db4d0dc602daadbde098d4a14b528 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr:dns: Fixes for function prototypes.NIIBE Yutaka2022-09-141-59/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dns.c (dns_a_parse0, dns_a_push0, dns_a_cmp0): New. (dns_a_print0, dns_aaaa_parse0, dns_aaaa_cmp0): New. (dns_aaaa_print0, dns_mx_parse0, dns_mx_push0, dns_mx_cmp0): New. (dns_mx_print0, dns_mx_cname0, dns_ns_parse0, dns_ns_push0): New. (dns_ns_cmp0, dns_ns_print0, dns_ns_cname0, dns_cname_parse0): New. (dns_cname_push0, dns_cname_cmp0, dns_cname_print0): New. (dns_cname_cname0, dns_soa_parse0, dns_soa_push0): New. (dns_soa_cmp0, dns_soa_print0, dns_srv_parse0, dns_srv_push0): New. (dns_srv_cmp0, dns_srv_print0, dns_srv_cname0, dns_opt_parse0): New. (dns_opt_push0, dns_opt_cmp0, dns_opt_print0, dns_ptr_parse0): New. (dns_ptr_push0, dns_ptr_cmp0, dns_ptr_print0, dns_ptr_cname0): New. (dns_sshfp_parse0, dns_sshfp_push0, dns_sshfp_cmp0): New. (dns_sshfp_print0, dns_txt_parse0, dns_txt_push0, dns_txt_cmp0): New. (struct dns_rrtype): Add function prototypes. (dns_rrtypes): Use "0" variant of functions. (DNS_PRAGMA_PUSH, DNS_PRAGMA_POP): Remove. -- Original code was pretty badly written ignoring the type system of C, but modern compiler encourages use of the type system. No architectural changes, but only things mechanically possible. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,dirmngr,gpg,scd: Clean up for modern compiler.NIIBE Yutaka2022-09-144-6/+4
| | | | | | | | | | | | | | | | | | * agent/protect.c (agent_get_shadow_info_type): It's a write only variable, useful for debugging. * g10/key-check.c (key_check_all_keysigs): Likewise. * g10/keyedit.c (show_basic_key_info, menu_expire): Likewise. * scd/app-sc-hsm.c (read_ef_prkd): Likewise. * dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars. * dirmngr/ks-action.c (ks_action_help): Remove unused variables. * dirmngr/server.c (make_keyserver_item): Likewise. * dirmngr/validate.c (check_cert_sig): Initialize the variable. * scd/app-p15.c (select_and_read_record): Likewise. * tests/gpgscm/scheme.c (scheme_init_new): A function with no args. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: New option --debug-cache-expired-certs.Werner Koch2022-08-313-3/+14
| | | | | | | | * dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs: * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New. (opts): Add option. (parse_rereadable_options): Set option. * dirmngr/certcache.c (put_cert): Handle the option.
* dirmngr: Reject certificate which is not valid into cache.NIIBE Yutaka2022-08-261-0/+14
| | | | | | | | | | | | | | | | * dirmngr/certcache.c (put_cert): When PERMANENT, reject the certificate which is obviously invalid. -- With this change, invalid certificates from system won't be registered into cache. Then, an intermediate certificate which is issued by an entity certified by such an invalid certificate will be also rejected with GPG_ERR_INV_CERT_OBJ. With less invalid certificates in cache, it helps the validate_cert_chain function work better. GnuPG-bug-id: 6142 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix NTBTLS include for testAndre Heinecke2022-08-161-1/+2
| | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add NTBTLS. -- This fixes the build in case every lib is installed into its own prefix.
* dirmngr: Fix failed malloc error message.Werner Koch2022-08-031-2/+5
| | | | * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
* dirmngr: Fix a wrong compiler warning.Werner Koch2022-06-131-1/+1
| | | | | | | -- validate.c:1103:13: warning: ‘saltlen’ may be used uninitialized in this function [-Wmaybe-uninitialized]
* dirmngr: Fix for Windows.NIIBE Yutaka2022-05-101-4/+38
| | | | | | | | | | | | | * dirmngr/http.c (EHOSTUNREACH, EAFNOSUPPORT): Define when not available. [HTTP_USE_GNUTLS] (my_gnutls_read): Use recv for Windows. [HTTP_USE_GNUTLS] (my_gnutls_write): Use send for Windows. -- Reported-by: Eli Zaretskii GnuPG-bug-id: 5899 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix for C90 compiler.NIIBE Yutaka2022-04-261-1/+2
| | | | | | | | * dirmngr/dirmngr.c (main): Declaration before a statement. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Deprecate the --supervised options.Werner Koch2022-04-251-1/+4
| | | | | | | | * agent/gpg-agent.c (main): Mark --supervised as deprecated. * dirmngr/dirmngr.c (main): Ditto. -- The supervised thing causes more trouble than it pretends to solve.
* dirmngr: Fix MakefileWerner Koch2022-04-211-1/+1
| | | | | -- Fixes-commit: 89dc9f1e6916ebd123852534b8cada2fc3555688
* dirmngr: Changes to the linking order.Werner Koch2022-04-201-11/+15
| | | | | | * dirmngr/Makefile.am: Tweak library order. -- (cherry picked from commit 3c79ff34c417bfc392008eca1970b86bec54d6c3)
* sm: Print diagnostic about CRL problems due to Tor mode.Werner Koch2022-04-113-23/+39
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlfetch.c (crl_fetch, crl_fetch_default) (ca_cert_fetch, start_cert_fetch): Factor Tor error out to ... (no_crl_due_to_tor): new. Print status note. * dirmngr/ks-engine-ldap.c (ks_ldap_get) (ks_ldap_search, ks_ldap_put): Factor Tor error out to ... (no_ldap_due_to_tor): new. Print status note. * dirmngr/ocsp.c (do_ocsp_request): Print status note. * sm/misc.c (gpgsm_print_further_info): New. * sm/call-dirmngr.c (warning_and_note_printer): New. (isvalid_status_cb): Call it. (lookup_status_cb): Ditto. (run_command_status_cb): Ditto. * common/asshelp2.c (vprint_assuan_status): Strip a possible trailing LF. --
* dirmngr: Fix for SOCK.NIIBE Yutaka2022-03-301-1/+1
| | | | | | | | | | * dirmngr/http.c (connect_with_timeout): Use FD2INT to unwrap SOCK. -- GnuPG-bug-id: 5899 Reported-by: Eli Zaretskii Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Clean up for not supporting WindowsCE.NIIBE Yutaka2022-03-293-174/+1
| | | | | | | | | | | * dirmngr/Makefile.am (dirmngr_SOURCES): Remove w32-ldap-help.h. * dirmngr/cdblib.c (cdb_init): Remove for __MINGW32CE__. * dirmngr/w32-ldap-help.h: Remove. -- Fixes-commit: 4c295646ba0e175743e6be13457308c1e6d21dd3 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Escape more characters in WKD requests.Werner Koch2022-03-281-1/+1
| | | | | | * dirmngr/server.c (proc_wkd_get): Also escape '#' and '+' -- GnuPG-bug-id: 5902
* dirmngr: Workaround for a certain broken LDAP URLWerner Koch2022-03-251-3/+19
| | | | | | | | | | | | | | | | * dirmngr/ldap.c (url_fetch_ldap): Detect and replace. -- The actual URL causing this is ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,\ C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint It is actually not very helpful because I had problems finding the issuer cert: CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz \ Service GmbH,C=DE
* dirmngr: Suppress error message on trial reading as PEM format.NIIBE Yutaka2022-03-241-5/+7
| | | | | | | | | | | * dirmngr/dirmngr-client.c (read_pem_certificate): Add NO_ERRMSG argument to suppress the error message. (read_certificate, squid_loop_body): Follow the change. -- GnuPG-bug-id: 5531 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Clear the error count to try certificate as binary.NIIBE Yutaka2022-03-241-0/+2
| | | | | | | | | | * dirmngr/dirmngr-client.c (read_certificate): Call log_get_errorcount. -- GnuPG-bug-id: 5531 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Make WKD_GET work even for servers not handling SRV RRs.Werner Koch2022-03-211-1/+8
| | | | | | | | | | | * dirmngr/server.c (proc_wkd_get): Take care of DNS server failures -- Unfortunately there are resolver setups which don't handle SRV records but return a server error. We let a not found error pass, because that merely means the domain does not exists. GnuPG-bug-id: 4729
* dimngr: Do not check the self-signature of a root CA cert.Werner Koch2022-02-271-8/+8
| | | | * dirmngr/validate.c (validate_cert_chain): Comment out that code.
* dirmngr: Support ECDSA for CRLsWerner Koch2022-02-272-12/+92
| | | | | | * dirmngr/crlcache.c (finish_sig_check): Support ECDSA. * dirmngr/validate.c (check_cert_sig): Ditto. Remove the never used support for DSA.
* dirmngr: Support ECDSA for OCSP.Werner Koch2022-02-273-50/+106
| | | | | | | | | | | | * dirmngr/validate.c (pk_algo_from_sexp): Make public. Support ECC. * dirmngr/ocsp.c (check_signature): Remove hash preparation out to ... (check_signature_core): here. This changes the arg s_hash to md. Support ECDSA. -- The test was done with my qualified signature certificate from the Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr . See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf
* dirmngr: Avoid initial delay on the first keyserver access.Werner Koch2022-02-013-2/+12
| | | | | | | | | | | | | | | * dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New. * dirmngr/server.c (ensure_keyserver): Don't even test for the Tor proxy in never-use-tor Mode. * tools/gpgtar-create.c: Include unistd.h to avoid a warning on Windows. -- This delay of 2 or 3 seconds is in particular annoying on Windows. This is now suppressed, as it should be, if --no-use-tor is used. The second patch is unrelated
* gpgconf: Return --ldapserver and --keyserver from dirmngr.Werner Koch2022-01-251-8/+7
| | | | | | | | | | | * dirmngr/dirmngr.c: Reorder two option groups. * tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to "ldapserver" and set level to invisible. (known_options_dirmngr): Add "ldapserver" at the basic level. * sm/gpgsm.c (opts): No more help text for "ldapserver". -- GnuPG-bug-id: 5800
* dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver.Werner Koch2022-01-101-4/+4
| | | | | | | | | | | * dirmngr/server.c (make_keyserver_item): Change mapping. -- It turned out that having the old surfnet keyserver for unencrypted connections is problematic because that server does not sync with the Ubuntu server. GnuPG-bug-id: 5751
* build: Update for newer autoconf.NIIBE Yutaka2021-12-221-1/+1
| | | | | | | | | | | | | | | * configure.ac (AC_PREREQ): Use >= 2.69. (AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER. (AC_HEADER_STDC, AC_HEADER_TIME): Remove obsolete macros. (sys/time.h): Add the check of the header. (time_t): Don't use TIME_WITH_SYS_TIME. * acinclude.m4 (AC_HEADER_TIME): Don't require. Don't use TIME_WITH_SYS_TIME. * dirmngr/dns.c: Don't use TIME_WITH_SYS_TIME. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Ask keyservers to provide the key fingerprintsIngo Klöcker2021-12-201-1/+1
| | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to request URL. -- Some keyservers, e.g. keyserver.ubuntu.com (Hockeypuck), do not provide the key fingerprints by default. Therefore, we ask for the fingerprints explicitly. GnuPG-bug-id: 5741
* dirmngr: Fix ldap-url.c.NIIBE Yutaka2021-12-171-2/+2
| | | | | | | | | * dirmngr/ldap-url.c (ldap_charray2str): Use memcpy instead of strncpy when length is computed by strlen beforhand. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Avoid memory leaks on errorsJakub Jelen2021-11-241-2/+4
| | | | | | | | | * dirmngr/ldap-misc.c (ldap_parse_extfilter): Avoid direct return without freeing resources on errors. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* agent,dirmngr: New option --steal-socketWerner Koch2021-11-131-1/+12
| | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. (create_server_socket): Implement option. * dirmngr/dirmngr.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. Add comment to eventually implement it. -- Note that --steal-socket has currently no effect on dirmngr because dirmngr does this anway. Signed-off-by: Werner Koch <[email protected]>
* dns: Make reading resolv.conf more robust.NIIBE Yutaka2021-10-151-1/+6
| | | | | | | | | | * dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which begins with '.'. -- GnuPG-bug-id: 5657 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: New option --ignore-certWerner Koch2021-10-063-6/+77
| | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen. (opt): Add field ignored_certs. * dirmngr/dirmngr.c: Add option --ignore-cert (parse_rereadable_options): Handle that option. (parse_ocsp_signer): Rename to ... (parse_fingerprint_item): this and add two args. * dirmngr/certcache.c (put_cert): Ignore all to be igored certs. Change callers to handle the new error return. -- This option is useful as a workaround in case we ill run into other chain validation errors like what we fixed in GnuPG-bug-id: 5639
* dirmngr: Fix Let's Encrypt certificate chain validation.Werner Koch2021-10-061-8/+31
| | | | | | | | | | | | * dirmngr/certcache.c (find_cert_bysubject): Return the first trusted certififcate if any. -- This is basically the same as using OpenSSL with ist X509_V_FLAG_TRUSTED_FIRST flag. See https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ GnuPG-bug-id: 5639
* agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2021-10-053-5/+5
| | | | | | | | | | | | | | | | * agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Fix several "include file not found" problemsIngo Klöcker2021-09-201-1/+1
| | | | | | | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS. * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add NPTH_CFLAGS. * tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS, gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS. -- The tools include gcrypt.h via common/util.h. GnuPG-bug-id: 5592
* dirmngr: Change the default keyserver.Werner Koch2021-08-244-47/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to keyserver.ubuntu.com. * dirmngr/certcache.c (cert_cache_init): Disable default pool cert. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/http.c (http_session_new): Ditto. * dirmngr/server.c (make_keyserver_item): Use a different mapping for the gnupg.net names. -- Due to the unfortunate shutdown of the keyserver pool, the long term defaults won't work anymore. Thus it is better to change them. For https access keyserver.ubuntu.com is now used because it can be expected that this server can stand the load from newer gnupg LTS versions. For http based access the Dutch Surfnet keyserver is used. However due to a non-standard TLS certificate this server can not easily be made the default for https. Note: that the default server will be changed again as soon as a new connected keyserver infrastructure has been established. (cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
* build: Simplify for string.h and getopt.h.NIIBE Yutaka2021-08-051-3/+0
| | | | | | | | | | | | | * configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h. * dirmngr/ks-engine-ldap.c: Remove including getopt.h. * tools/make-dns-cert.c: Likewise. -- Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h is only needed for getopt_long of GNU extention. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix regression in KS_GET for mail address pattern.Werner Koch2021-06-211-1/+39
| | | | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern. (ks_hkp_get): Allow for mail addresses. - Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail address as an exact pattern (e.g. "[email protected]"). Since 2.2.28 the mail address is detected gpg gpg and we see for example "<[email protected]>". This patch fixes this to turn a mail address into an exact match again. GnuPG-bug-id: 5497 Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix build with --disable-ldap.NIIBE Yutaka2021-06-161-0/+2
| | | | | | | | | | | * dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]: Conditionalize. -- Reported-by: Phil Pennock Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083)
* dirmngr: Allow to pass no filter args to dirmngr_ldap.Werner Koch2021-06-161-5/+11
| | | | | | | | | | | * dirmngr/dirmngr_ldap.c (main): Handle no args case. -- This is required for example for CRLs. The old code did not require this because the hos was taken from the URL given has arg. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1)
* dirmngr: Rewrite the LDAP wrapper toolWerner Koch2021-06-1612-694/+1250
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ldap-misc.c: New. * dirmngr/ldap-misc.h: New. * dirmngr/ks-engine-ldap.c: Include ldap-misc.h. (ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c. * dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug mode. * dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND the saqme as GPG_ERR_NO_DATA. * dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds. Remove arg url. Adjust for changes in dirmngr_ldap. (url_fetch_ldap): Remove args host and port. Parse the URL and use these values to call run_ldap_wrapper. (attr_fetch_ldap): Pass tls flags to run_ldap_wrapper. (rfc2254_need_escape, rfc2254_escape): New. (extfilt_need_escape, extfilt_escape): New. (parse_one_pattern): Rename to ... (make_one_filter): this. Change for new dirmngr_ldap calling convention. Make issuer DN searching partly work. (escape4url, make_url): Remove. (start_cert_fetch_ldap): Change for new dirmngr_ldap calling convention. * dirmngr/dirmngr_ldap.c: Major rewrite. * dirmngr/t-ldap-misc.c: New. * dirmngr/t-support.h (DIM, DIMof): New. * dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c (module_tests) [USE_LDAP]: Add t-ldap-misc. (t_ldap_parse_uri_SOURCES): Ditto. (t_ldap_misc_SOURCES): New. -- This rewrite allows to properly handle TLS and avoids some code duplication. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 39815c023f0371dea01f7c51469b19c06ad18718)
* dirmngr: Remove useless code.Werner Koch2021-06-161-5/+0
| | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the password_param thing because we set the password directly without an intermediate var. -- Reported-by: Ingo Kloecker (cherry picked from commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3)
* dirmngr: Fix default port for our redefinition of ldaps.Werner Koch2021-06-162-31/+43
| | | | | | | | | | * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps. Move a tmpstr out of the blocks. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 8de9d54ac83fa20cb52b847b643311841be4d6dc)
* dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.Werner Koch2021-06-162-4/+20
| | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT. * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ... (parse_rereadable_options): here. -- Note that this has not yet been tested. In fact a test with OpenLDAP using a modified route got stuck in the connection attempt. Maybe it works on Windows - will be tested later. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 317d5947b84ae2707e46b89fb0d8318c07174e13)
* dirmngr: New option --ldapserverWerner Koch2021-06-163-6/+91
| | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (opts): Add option --ldapserver. (ldapserver_list_needs_reset): New var. (parse_rereadable_options): Implement option. (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used. * dirmngr/server.c (cmd_ldapserver): Add option --clear and list configured servers if none are given. -- This option allows to specify LDAP keyserver in dirmngr instead of using gpgsm.conf. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ff17aee5d10c8c5ab902253fb4332001c3fc3701)