From ae9acb8745c1654b446b3cd5b9322b235723d9cb Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 18 Nov 2019 17:22:45 +0100
Subject: dirmngr: Forward http redirect warnings to gpg.

* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--

This should make it easier to diagnose problems with bad WKD servers.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/http.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'dirmngr/http.c')

diff --git a/dirmngr/http.c b/dirmngr/http.c
index c6dc077da..56399a2f9 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -101,6 +101,7 @@
 #include "../common/i18n.h"
 #include "../common/sysutils.h" /* (gnupg_fd_t) */
 #include "dns-stuff.h"
+#include "dirmngr-status.h"    /* (dirmngr_status_printf)  */
 #include "http.h"
 #include "http-common.h"
 
@@ -3634,13 +3635,23 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
    * https address. */
   if (info->orig_onion && !locuri->onion)
     {
+      dirmngr_status_printf (info->ctrl, "WARNING",
+                             "http_redirect %u"
+                             " redirect from onion to non-onion address"
+                             " rejected",
+                             err);
       http_release_parsed_uri (locuri);
       return gpg_error (GPG_ERR_FORBIDDEN);
     }
   if (!info->allow_downgrade && info->orig_https && !locuri->use_tls)
     {
+      err = gpg_error (GPG_ERR_FORBIDDEN);
+      dirmngr_status_printf (info->ctrl, "WARNING",
+                             "http_redirect %u"
+                             " redirect '%s' to '%s' rejected",
+                             err, info->orig_url, location);
       http_release_parsed_uri (locuri);
-      return gpg_error (GPG_ERR_FORBIDDEN);
+      return err;
     }
 
   if (info->trust_location)
@@ -3720,6 +3731,10 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
       http_release_parsed_uri (locuri);
       if (!info->silent)
         log_info (_("redirection changed to '%s'\n"), newurl);
+      dirmngr_status_printf (info->ctrl, "WARNING",
+                             "http_redirect_cleanup %u"
+                             " changed from '%s' to '%s'",
+                             0, info->orig_url, newurl);
     }
 
   *r_url = newurl;
-- 
cgit v1.2.3