dirmngr: New option --disable-ipv6

* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
* dirmngr/dirmngr.c (oDisableIPv6): New const.
(opts): New option --disable-ipv6.
(parse_rereadable_options): Set that option.
* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
(set_dns_disable_ipv6): New.
(resolve_name_standard): Make use of it.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
OPT.DISABLE_IPV6.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.

Signed-off-by: Werner Koch <[email protected]>

1 files changed, 15 insertions, 0 deletions

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index c9ce40a2c..728f662ae 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -123,6 +123,10 @@ static int opt_timeout;
  * returned A records.  */
 static int opt_disable_ipv4;
 
+/* The flag to disable IPv6 access - right now this only skips
+ * returned AAAA records.  */
+static int opt_disable_ipv6;
+
 /* If set force the use of the standard resolver.  */
 static int standard_resolver;
 
@@ -248,6 +252,15 @@ set_dns_disable_ipv4 (int yes)
 }
 
 
+/* Set the Disable-IPv6 flag so that the name resolver does not return
+ * AAAA addresses.  */
+void
+set_dns_disable_ipv6 (int yes)
+{
+  opt_disable_ipv6 = !!yes;
+}
+
+
 /* Set the timeout for libdns requests to SECONDS.  A value of 0 sets
  * the default timeout and values are capped at 10 minutes.  */
 void
@@ -953,6 +966,8 @@ resolve_name_standard (const char *name, unsigned short port,
         continue;
       if (opt_disable_ipv4 && ai->ai_family == AF_INET)
         continue;
+      if (opt_disable_ipv6 && ai->ai_family == AF_INET6)
+        continue;
 
       dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
       dai->family = ai->ai_family;