authorWerner Koch <[email protected]>2017-07-24 17:35:45 +0000
committerWerner Koch <[email protected]>2017-07-24 18:09:52 +0000
commitf6f0dd4d5ea85e0b16e96d7678b1d508182049a8 (patch)
tree1cf2d4f3571f25525889a0480a2c385bce9422b2
parentdirmngr: Print a SOURCE status for WKD requests. (diff)
downloadgnupg-f6f0dd4d5ea85e0b16e96d7678b1d508182049a8.tar.gz
gnupg-f6f0dd4d5ea85e0b16e96d7678b1d508182049a8.zip
gpg: Filter keys received via DANE
* g10/keyserver.c (keyserver_import_cert): Use an import filter in DANE mode. -- We only want to see the user ids requested via DANE and not any additional ids. The import filter enforces this in the same way we do for WKD. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
-rw-r--r--g10/keyserver.c32
1 files changed, 27 insertions, 5 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c
index bec30e37d..a84961e37 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1926,14 +1926,36 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
else if (key)
{
int armor_status=opt.no_armor;
+ import_filter_t save_filt;
/* CERTs and DANE records are always in binary format */
opt.no_armor=1;
-
- err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
- (opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY),
- NULL, NULL, KEYORG_DANE);
+ if (dane_mode)
+ {
+ save_filt = save_and_clear_import_filter ();
+ if (!save_filt)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ char *filtstr = es_bsprintf ("keep-uid=mbox = %s", look);
+ err = filtstr? 0 : gpg_error_from_syserror ();
+ if (!err)
+ err = parse_and_set_import_filter (filtstr);
+ xfree (filtstr);
+ if (!err)
+ err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+ IMPORT_NO_SECKEY,
+ NULL, NULL, KEYORG_DANE);
+ restore_import_filter (save_filt);
+ }
+ }
+ else
+ {
+ err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+ (opt.keyserver_options.import_options
+ | IMPORT_NO_SECKEY),
+ NULL, NULL, 0);
+ }
opt.no_armor=armor_status;