path: root/doc/gpgsm.texi
author: Werner Koch <[email protected]> 2019-11-09 10:29:59 +0000
committer: Werner Koch <[email protected]> 2019-11-09 10:29:59 +0000
commit: 6e1c99bc397382f1ea2ba9d61a64328410adc95f (patch)
tree: 500d648dee81be8d0219f611d2c69547b1c2be31 /doc/gpgsm.texi
parent: doc: Document gpgsm's --keyserver option. (diff)
gpgsm: Allow specification of ldaps servers.
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--

There was no way to specify an LDAPS server in dirmngr_ldapservers.conf
or with gpgsm's --keyserver option.  This patch fixes this.

Eventually we should allow replacing host and port by a partial URI in
the same way ldap_initialize does it.  For backward compatibility we do
not yet do that.

Although the dirmngr code accepts a URL (e.g. taken from a
certificate), I can't see how the scheme was ever used.  Thus the patch
also detects an ldaps scheme and uses this.  That part has not been
tested, though.

Signed-off-by: Werner Koch <[email protected]>
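As an added worked example (this is not GnuPG's own code from sm/gpgsm.c or dirmngr/ldapserver.c), the following parser handles the `hostname:port:username:password:base_dn:flags` line this patch documents: six colon-separated fields, a comma-delimited flag list in which `ldaps` requests TLS and unknown flags are ignored. The `KeyserverSpec` type, the `to_ldap_url` helper and the fallback ports 389/636 are assumptions of this example; the patch only says the example line "uses the default port" without naming a number, and it does not say whether flag matching is case-sensitive (this example matches `ldaps` exactly).

```python
"""Parse gpgsm --keyserver / dirmngr LDAP server lines of the form
hostname:port:username:password:base_dn:flags.

Example code written for this page; it is not GnuPG's parser.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed defaults: the page says the example line "uses the default port"
# but names no number; 389/636 are the IANA LDAP/LDAPS ports.
DEFAULT_LDAP_PORT = 389
DEFAULT_LDAPS_PORT = 636

# The only flag the patch documents.  Anything else is ignored.
KNOWN_FLAGS = {"ldaps"}


@dataclass(frozen=True)
class KeyserverSpec:          # hypothetical type for this example
    host: str
    port: int
    user: Optional[str]
    password: Optional[str]
    base_dn: Optional[str]
    use_ldaps: bool
    ignored_flags: Tuple[str, ...]   # unknown flags, kept so a caller can warn


def parse_keyserver_line(line: str) -> KeyserverSpec:
    fields = line.strip().split(":")
    if len(fields) > 6:
        # ':' is the field separator, so a password containing ':' cannot be
        # expressed here; the page recommends dirmngr's own config for such cases.
        raise ValueError("too many fields (at most 6 colon-separated)")
    fields += [""] * (6 - len(fields))          # missing trailing fields are empty
    host, port_s, user, password, base_dn, flags_s = fields
    if not host:
        raise ValueError("hostname is required")

    # Flags are comma delimited; unknown flags are ignored (but recorded).
    flags = [f.strip() for f in flags_s.split(",") if f.strip()]
    use_ldaps = "ldaps" in flags
    ignored = tuple(f for f in flags if f not in KNOWN_FLAGS)

    if port_s:
        try:
            port = int(port_s)
        except ValueError:
            raise ValueError(f"invalid port: {port_s!r}") from None
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    else:
        # Empty port: fall back to the assumed default for the chosen transport.
        port = DEFAULT_LDAPS_PORT if use_ldaps else DEFAULT_LDAP_PORT

    return KeyserverSpec(host, port, user or None, password or None,
                         base_dn or None, use_ldaps, ignored)


def to_ldap_url(spec: KeyserverSpec) -> str:
    """Render the spec as an ldap:// or ldaps:// URL; the scheme carries the TLS choice."""
    scheme = "ldaps" if spec.use_ldaps else "ldap"
    url = f"{scheme}://{spec.host}:{spec.port}/"
    if spec.base_dn:
        url += spec.base_dn
    return url


if __name__ == "__main__":
    # Constructed sample lines: the first is the one from the patch, the
    # second is a made-up plain-LDAP server with a bind DN and password.
    for sample in ("ldap.pca.dfn.de::::o=DFN-Verein,c=DE:ldaps",
                   "ldap.example.org:389:cn=reader,dc=example,dc=org:s3cret:dc=example,dc=org"):
        spec = parse_keyserver_line(sample)
        print(sample, "->", to_ldap_url(spec), "(TLS)" if spec.use_ldaps else "(plain)")
```

Because unknown flags are ignored rather than rejected, a misspelled flag such as `ldap` leaves `use_ldaps` false and the bind credentials in the username and password fields go over plain LDAP; the `ignored_flags` tuple exists so a caller can at least log that.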
Diffstat (limited to 'doc/gpgsm.texi')
-rw-r--r--  doc/gpgsm.texi | 18
1 files changed, 16 insertions, 2 deletions
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 0745f8626..130b217a5 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -356,13 +356,27 @@ Note that the @command{dirmngr} can in addition be configured with a
default list of LDAP servers to be used after those configured with
this option. The syntax of @var{string} is:
-@sc{hostname:port:username:password:base_dn}
+@sc{hostname:port:username:password:base_dn:flags}
+
+The only defined flag is @code{ldaps} to specify that a TLS
+connections shall be used. Flags are comma delimited; unknown flags
+are ignored.
Note that all parts of that string are expected to be UTF-8 encoded.
This may lead to problems if the @sc{password} has originally been
-encoded as Latin-1; in such a case better configure this LDAP server
+encoded as Latin-1; in such a case better configure tsuch an LDAP server
using the global configuration of @command{dirmngr}.
+Here is an example which uses the default port, no username, no
+password, and requests a TLS connection:
+
+@c man:.RS
+@example
+--keyserver ldap.pca.dfn.de::::o=DFN-Verein,c=DE:ldaps
+@end example
+@c man:.RE
+
+
@item --policy-file @var(unknown)
@opindex policy-file
Change the default name of the policy file to @var(unknown). The
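Review bot: the rewritten line `+encoded as Latin-1; in such a case better configure tsuch an LDAP server` introduces a typo ("tsuch"); the removed line's "configure this LDAP server" was fine, so it should read `in such a case better configure such an LDAP server`. The new flag paragraph also has a number-agreement slip, `a TLS connections shall be used`, which should be `a TLS connection shall be used`. Since that paragraph says unknown flags are ignored, it would help to state explicitly that without the `ldaps` flag the connection is plain LDAP, so a reader of `--keyserver` knows that a misspelled flag does not fail but silently sends the username and password fields over an unencrypted connection.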