diff options
| author | Werner Koch <[email protected]> | 2018-12-18 07:21:03 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-12-18 07:25:02 +0000 |
| commit | 16424d8a34c7f6af1071fd19dfc180cb7d17c052 (patch) | |
| tree | ad43d933d644dea7c61fa6c70185e5dd15f62c50 /tools/gpg-wks-server.c | |
| parent | po: Update Japanese translation. (diff) | |
| download | gnupg-16424d8a34c7f6af1071fd19dfc180cb7d17c052.tar.gz gnupg-16424d8a34c7f6af1071fd19dfc180cb7d17c052.zip | |
wks: Do not use compression for the encrypted data.
* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
* tools/gpg-wks-server.c (encrypt_stream): Ditto.
--
If for example a server was built without the development packages of
the compression libraries installed, the server will not be able to
decrypt a request. In theory this can't happen due to the preference
system but it is just to easy to create the server's key using a
different version of gpg and then use gpg-wks-server built
differently.
For the short messages we exchange compression is not really required
and thus we better do without to make the system more robust.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 70a8db0333e3c22403b3647f8b5f924f6dace719)
Diffstat (limited to 'tools/gpg-wks-server.c')
| -rw-r--r-- | tools/gpg-wks-server.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 1a0ba8f4f..f83ef6528 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -586,6 +586,7 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile) ccparray_put (&ccp, "--always-trust"); ccparray_put (&ccp, "--no-keyring"); ccparray_put (&ccp, "--armor"); + ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. */ ccparray_put (&ccp, "--recipient-file"); ccparray_put (&ccp, keyfile); ccparray_put (&ccp, "--encrypt"); |