gpg: Add new --auto-key-locate mechanism "dane".

* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v [email protected]

Signed-off-by: Werner Koch <[email protected]>

1 files changed, 10 insertions, 1 deletions

diff --git a/g10/getkey.c b/g10/getkey.c
index ba29c3dca..a5f568956 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -898,7 +898,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	    case AKL_CERT:
 	      mechanism = "DNS CERT";
 	      glo_ctrl.in_auto_key_retrieve++;
-	      rc = keyserver_import_cert (ctrl, name, &fpr, &fpr_len);
+	      rc = keyserver_import_cert (ctrl, name, 0, &fpr, &fpr_len);
 	      glo_ctrl.in_auto_key_retrieve--;
 	      break;
 
@@ -909,6 +909,13 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	      glo_ctrl.in_auto_key_retrieve--;
 	      break;
 
+	    case AKL_DANE:
+	      mechanism = "DANE";
+	      glo_ctrl.in_auto_key_retrieve++;
+	      rc = keyserver_import_cert (ctrl, name, 1, &fpr, &fpr_len);
+	      glo_ctrl.in_auto_key_retrieve--;
+	      break;
+
 	    case AKL_LDAP:
 	      mechanism = "LDAP";
 	      glo_ctrl.in_auto_key_retrieve++;
@@ -3060,6 +3067,8 @@ parse_auto_key_locate (char *options)
 #endif
       else if (ascii_strcasecmp (tok, "pka") == 0)
 	akl->type = AKL_PKA;
+      else if (ascii_strcasecmp (tok, "dane") == 0)
+	akl->type = AKL_DANE;
       else if ((akl->spec = parse_keyserver_uri (tok, 1)))
 	akl->type = AKL_SPEC;
       else