From 72736af86a501592d974d46ff754a63959e183bd Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 24 Jan 2017 16:36:28 +0100 Subject: dirmngr: New option --disable-ipv4. * dirmngr/dirmngr.c (oDisableIPv4): New const. (opts): New option --disable-ipv4. (parse_rereadable_options): Set that option. * dirmngr/dirmngr.h (opt): New field 'disable_ipv4'. * dirmngr/dns-stuff.c (opt_disable_ipv4): bew var. (set_dns_disable_ipv4): New. (resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is set. * dirmngr/ks-engine-hkp.c (map_host): Ditto. (send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set. * dirmngr/crlfetch.c (crl_fetch): Ditto. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ocsp.c (do_ocsp_request): Ditto. Signed-off-by: Werner Koch --- dirmngr/dns-stuff.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'dirmngr/dns-stuff.c') diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 9347196b3..ad19fc2ce 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -119,6 +119,10 @@ static int opt_debug; /* The timeout in seconds for libdns requests. */ static int opt_timeout; +/* The flag to disable IPv4 access - right now this only skips + * returned A records. */ +static int opt_disable_ipv4; + /* If set force the use of the standard resolver. */ static int standard_resolver; @@ -227,6 +231,15 @@ set_dns_verbose (int verbose, int debug) } +/* Set the Disable-IPv4 flag so that the name resolver does not return + * A addresses. */ +void +set_dns_disable_ipv4 (int yes) +{ + opt_disable_ipv4 = !!yes; +} + + /* Set the timeout for libdns requests to SECONDS. A value of 0 sets * the default timeout and values are capped at 10 minutes. */ void @@ -873,6 +886,8 @@ resolve_name_standard (const char *name, unsigned short port, { if (ai->ai_family != AF_INET6 && ai->ai_family != AF_INET) continue; + if (opt_disable_ipv4 && ai->ai_family == AF_INET) + continue; dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1); dai->family = ai->ai_family; -- cgit v1.2.3