Diffstat (limited to '')
-rw-r--r--dirmngr/dns-cert.c19
-rw-r--r--dirmngr/dns-cert.h1
-rw-r--r--dirmngr/server.c3
3 files changed, 21 insertions, 2 deletions
diff --git a/dirmngr/dns-cert.c b/dirmngr/dns-cert.c
index 3845a4b25..712dfc017 100644
--- a/dirmngr/dns-cert.c
+++ b/dirmngr/dns-cert.c
@@ -59,7 +59,22 @@
/* ADNS has no support for CERT yet. */
#define my_adns_r_cert 37
+/* If set Tor mode shall be used. */
+static int tor_mode;
+/* Sets the module in TOR mode. Returns 0 is this is possible or an
+ error code. */
+gpg_error_t
+enable_dns_tormode (void)
+{
+#if defined(USE_DNS_CERT) && defined(USE_ADNS)
+# if HAVE_ADNS_IF_TORMODE
+ tor_mode = 1;
+ return 0;
+# endif
+#endif
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}
/* Returns 0 on success or an error code. If a PGP CERT record was
found, the malloced data is returned at (R_KEY, R_KEYLEN) and
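Review bot: `tor_mode` is a file-scope flag that `enable_dns_tormode` only ever sets; nothing in this hunk clears it, so once one caller enables it every later `get_dns_cert` call in the process appears to run in Tor mode. That is the fail-safe direction, but the comment should say so, and it also has a typo (`Returns 0 is this is possible`). Suggested wording: `/* Switch the module into Tor mode; the setting is never reverted. Returns 0 if this is possible or an error code. */`. It is also worth a short comment that a build without `HAVE_ADNS_IF_TORMODE` falls through to `GPG_ERR_NOT_IMPLEMENTED`, since the caller in server.c relies on that to refuse the request.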
@@ -92,7 +107,9 @@ get_dns_cert (const char *name, int want_certtype,
*r_fprlen = 0;
*r_url = NULL;
- if (adns_init (&state, adns_if_noerrprint, NULL))
+ if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
+ NULL, "nameserver 8.8.8.8")
+ /* */: adns_init (&state, adns_if_noerrprint, NULL))
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
log_error ("error initializing adns: %s\n", strerror (errno));
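Review bot: The Tor-mode branch of the `adns_init_strcfg` call hard-codes `"nameserver 8.8.8.8"`, so every CERT lookup made under Tor goes to one fixed third-party resolver instead of a configured one. For users who enabled Tor for privacy this concentrates all queried names at a single operator, and the lookup fails outright if that address is unreachable. The nameserver should come from a dirmngr option, with this address as a documented default at most. At minimum the literal needs a comment stating why it is used, for example (if that is the reason) `/* Tor mode: the local resolver cannot be used through Tor, so a fixed public one is configured. */`. The body of `get_dns_cert` starts and ends outside the hunk.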
diff --git a/dirmngr/dns-cert.h b/dirmngr/dns-cert.h
index 9dbc58c23..e5cd4eb84 100644
--- a/dirmngr/dns-cert.h
+++ b/dirmngr/dns-cert.h
@@ -47,6 +47,7 @@
#define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants. */
#define DNS_CERTTYPE_RR61 (DNS_CERTTYPE_RRBASE + 61)
+gpg_error_t enable_dns_tormode (void);
gpg_error_t get_dns_cert (const char *name, int want_certtype,
void **r_key, size_t *r_keylen,
unsigned char **r_fpr, size_t *r_fprlen,
diff --git a/dirmngr/server.c b/dirmngr/server.c
index bfcdd5759..f6225d438 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -713,8 +713,9 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
}
}
- if (opt.use_tor)
+ if (opt.use_tor && enable_dns_tormode ())
{
+ /* TOR mode is requested but the DNS code can't enable it. */
err = gpg_error (GPG_ERR_FORBIDDEN);
goto leave;
}
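Review bot: The error code returned by `enable_dns_tormode ()` is discarded in the new condition and the client only sees `GPG_ERR_FORBIDDEN`, so an operator cannot tell from the reply that the cause is a resolver build without Tor support. Refusing the lookup is the right fail-closed behaviour; consider storing the result and logging it before `goto leave`, e.g. `log_error ("DNS Tor mode not available: %s\n", gpg_strerror (err));` (assuming the usual logging helpers are in scope in server.c). The added comment would also read better as `/* Tor mode is requested but the DNS code can't enable it; refuse rather than leak the lookup. */`. `cmd_dns_cert` starts and ends outside the hunk.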