path: root/dirmngr
Commit message | Author | Age | Files | Lines
* ldap: Improve info output for v3 fallback | Werner Koch | 2016-06-14 | 1 | -2/+3
  * dirmngr/dirmngr_ldap.c (fetch_ldap): Do not use log_debug in an unprotected section. Replace log_debug by log_info in verbose mode.
  --
  GnuPG-bug-id: 2376
* dirmngr: Try ldap protocol V3 as fallback | Andre Heinecke | 2016-06-14 | 1 | -0/+12
  * dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case default Protocol gives error.
  --
  Servers may have blocked V2 Protocol, in which case the bind will result in a Protocol Error. In that case we try again with v3 Protocol if the ldap library used to compile dirmngr supports V3.
  Signed-off-by: Andre Heinecke <[email protected]>
* dirmngr: Print ldap error if bind fails | Andre Heinecke | 2016-06-14 | 1 | -1/+1
  * dirmngr/dirmngr_ldap.c (fetch_ldap): Use ldap_err2string on bind return.
  --
  ldap_simple_bind_s does not set errno.
  Signed-off-by: Andre Heinecke <[email protected]>
* doc: Consistently use 'keyserver'. | Werner Koch | 2016-06-14 | 1 | -1/+1
  --
  GnuPG-bug-id: 2383
  Signed-off-by: Werner Koch <[email protected]>
* Explicitly restrict socket permissions. | Werner Koch | 2016-06-08 | 1 | -0/+4
  * agent/gpg-agent.c (create_server_socket): Call chmod before listen.
  * scd/scdaemon.c (create_server_socket): Ditto.
  * dirmngr/dirmngr.c (main): Ditto.
  --
  This is just in case of an improperly set umask. Note that a connect requires write permissions.
* Do not use no-libgcrypt dummy for tools | Werner Koch | 2016-06-08 | 1 | -5/+4
  * tools/Makefile.am (gpgconf_SOURCES): Remove no-libgcrypt.c. (gpgconf_LDADD): Add LIBGCRYPT_LIBS. (gpg_connect_agent_LDADD): Ditto. (gpgtar_LDADD): Ditto.
  * dirmngr/Makefile.am (dirmngr_client_LDADD): Ditto. (t_common_ldadd): Ditto. Remove no-libgcrypt.o.
  --
  We need this change so that a future code in common/ can use Libgcrypt functions; in particular hashing.
  Signed-off-by: Werner Koch <[email protected]>
* common: Remove homedir arg from start_new_{dirmngr,gpg_agent}. | Werner Koch | 2016-06-07 | 1 | -1/+0
  * common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in favor of gnupg_homedir (). Change all callers. (start_new_dirmngr): Ditto.
  * common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg 'homedir'.
  Signed-off-by: Werner Koch <[email protected]>
* Replace use of opt.homedir by accessor functions. | Werner Koch | 2016-06-07 | 3 | -31/+20
  * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New.
  * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions.
  * g13/g13-common.h (struct opt): Ditto.
  * scd/scdaemon.h (struct opt): Ditto.
  * sm/gpgsm.h (struct opt): Ditto.
  * dirmngr/dirmngr.h (struct opt): Ditto.
  * agent/preset-passphrase.c (opt_homedir): Ditto.
  * agent/protect-tool.c (opt_homedir): Ditto.
  --
  This will make detection of a non-default homedir easier.
  Signed-off-by: Werner Koch <[email protected]>
* common: Extend gnupg_create_inbound_pipe et al. | Werner Koch | 2016-05-27 | 1 | -2/+2
  * common/exechelp-posix.c (gnupg_create_inbound_pipe): Add args 'r_fp' and 'nonblock'. (gnupg_create_outbound_pipe): Ditto.
  * common/exechelp-w32.c (gnupg_create_inbound_pipe): Add not yet functional args 'r_fp' and 'nonblock'. (gnupg_create_outbound_pipe): Ditto.
  * common/exechelp-w32ce.c (gnupg_create_inbound_pipe): Ditto. (gnupg_create_outbound_pipe): Ditto.
  --
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Adjust the WKD lookup to specs version -01. | Werner Koch | 2016-05-18 | 1 | -2/+0
  * dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the domain part.
  --
  This change updates gnupg to comply with draft-koch-openpgp-webkey-service-01
* dirmngr: Add experimental command WKD_GET. | Werner Koch | 2016-04-27 | 1 | -4/+74
  * dirmngr/server.c (cmd_wkd_get): New. (register_commands): Add command WKD_GET.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Use system provided root CAs with KS_FETCH. | Werner Koch | 2016-04-27 | 1 | -1/+3
  * dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.
  Signed-off-by: Werner Koch <[email protected]>
* http: Allow to request system defined CAs for TLS. | Werner Koch | 2016-04-26 | 5 | -14/+41
  * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
  * dirmngr/http.c (http_session_new): Add arg "flags".
  * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
  * dirmngr/t-http.c (main): Ditto.
  --
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix https never reported in general help | Andre Heinecke | 2016-04-15 | 1 | -1/+7
  * dirmngr/ks-engine-http.c (ks_hkp_help): Also print https when supported and no uri provided.
  --
  Wrong reporting was pointed out by K_F, again.
* dirmngr: Fix https incorrectly reported in help | Andre Heinecke | 2016-04-15 | 1 | -0/+2
  * dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls is supported.
  --
  Wrong reporting was pointed out by K_F. Check is the same as in ks-engine-hkp.c
* dirmngr: Autodetect PEM format in dirmngr-client. | Justus Winter | 2016-04-05 | 1 | -13/+30
  * dirmngr/dirmngr-client.c (init_asctobin): New function. (main): Move the initialization code to the new function. (read_pem_certificate): Initialize base64 table. (read_certificate): Try to decode certificates given in files as PEM first.
  GnuPG-bug-id: 1844
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Add more missing CFLAGS. | Justus Winter | 2016-03-03 | 1 | -2/+2
  * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add 'GCRYPT_CFLAGS'. (t_dns_stuff_CFLAGS): Likewise.
  GnuPG-bug-id: 2235
  Signed-off-by: Justus Winter <[email protected]>
* common: Consolidate Assuan server argument handling. | Justus Winter | 2016-03-02 | 1 | -72/+1
  * common/Makefile.am (common_sources): Add new files.
  * common/server-help.c: New file.
  * common/server-help.h: Likewise.
  * agent/command.c: Drop argument handling primitives in favor of using the consolidated ones.
  * dirmngr/server.c: Likewise.
  * g10/server.c: Likewise.
  * g13/server.c: Likewise.
  * scd/command.c: Likewise.
  * sm/server.c: Likewise.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Add missing CFLAGS. | Justus Winter | 2016-03-01 | 1 | -2/+4
  * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add 'GPG_ERROR_CFLAGS'. (t_dns_stuff_CFLAGS): Likewise.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: fix for memory alignment. | NIIBE Yutaka | 2016-02-15 | 1 | -6/+14
  * dirmngr/dns-stuff.c (get_dns_cert): Cast through void *. (getsrv, get_dns_cname): Make sure it's aligned for HEADER.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Build fix for FreeBSD (EAI macros) | Werner Koch | 2016-01-27 | 1 | -0/+4
  * dirmngr/dns-stuff.c (map_eai_to_gpg_error): Map EAI_NODATA and EAI_ADDRFAMILY only if defined.
  --
  Reported-by: Christoph Moench-Tegeder <[email protected]>
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Indicate that serial numbers are hexadecimal. | Werner Koch | 2016-01-22 | 3 | -9/+16
  * dirmngr/misc.c (hexify_data): Add arg with_prefix. Adjust all callers.
  * dirmngr/crlcache.c (cache_isvalid): Print "0x" in front of the S/N.
  --
  GnuPG-bug-id: 1147
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Provide the keyserver pool name even if there is no CNAME. | Werner Koch | 2016-01-22 | 1 | -2/+2
  * dirmngr/ks-engine-hkp.c (map_host): Fix setting of r_poolname.
  --
  map_host is intended to return the name of the pool as an additional information. However this broke some time ago and a pool name was only retained if the pool name was retrieved from a DNS CNAME.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Use sks-keyservers CA by default for the hkps pool. | Daniel Kahn Gillmor | 2016-01-22 | 6 | -5/+36
  * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
  * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert.
  * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new.
  --
  Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor.
  Co-authored-by: [email protected]
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Silence one regression test. | Werner Koch | 2016-01-06 | 1 | -2/+4
  * dirmngr/t-dns-stuff.c (main): Do not print info during standard "make check".
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Suppress a warning. | Neal H. Walfield | 2015-12-22 | 1 | -0/+2
  * dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to avoid a warning when ADNS is not available.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* dirmngr: Initialize http status code. | Justus Winter | 2015-12-07 | 1 | -1/+1
  * dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as it is unused if LDAP is used to search for keys.
  --
  This amends 6ac57a48.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Stricter handling of http error codes. | Justus Winter | 2015-12-04 | 3 | -13/+21
  * dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver responded with a '404 Not Found'.
  * dirmngr/ks-engine-hkp.c (send_request): Return http status code. (ks_hkp_search): Likewise. (ks_hkp_{get,put}): Adapt call to 'send_request'.
  * dirmngr/ks-engine.h (ks_hkp_search): Update prototype.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Really search all keyservers for patterns. | Justus Winter | 2015-12-04 | 1 | -1/+14
  * dirmngr/ks-action.c (ks_action_search): Search all configured keyservers for the given patterns.
  Signed-off-by: Justus Winter <[email protected]>
  GnuPG-bug-id: 1038
* dirmngr: Handle http status '501 Not Implemented'. | Justus Winter | 2015-12-04 | 1 | -0/+4
  * dirmngr/ks-engine-hkp.c (send_request): Handle status 501 and return GPG_ERR_NOT_IMPLEMENTED.
  Signed-off-by: Justus Winter <[email protected]>
  GnuPG-bug-id: 1221
* dirmngr: Add command to print the resolver version. | Werner Koch | 2015-12-04 | 1 | -0/+12
  * dirmngr/server.c (cmd_getinfo): Add sub-command "dnsinfo".
* build: Require at least Libassuan 2.4.1. | Werner Koch | 2015-12-02 | 2 | -17/+0
  * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
  * agent/gpg-agent.c (create_server_socket): Remove check for libassuan >= 2.3.0 and >= 2.1.4. (main): Remove check for libassuan >= 2.1.4.
  * scd/scdaemon.c (create_server_socket): Remove check for libassuan >= 2.1.4.
  * dirmngr/dirmngr.c (set_tor_mode): Remove check for libassuan >= 2.3.0.
  * dirmngr/http.c (http_raw_connect, send_request): Remove checks for libassuan >= 2.3.0.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Switch to an onion address if Tor is running. | Werner Koch | 2015-12-02 | 3 | -31/+122
  * dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
  * dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple --keyserver options.
  * dirmngr/server.c (server_local_s): Add field 'tor_state'. (release_uri_item_list): New. (release_ctrl_keyservers): Use it. (start_command_handler): Release list of keyservers. (is_tor_running): New. (cmd_getinfo): Re-implement "tor" subcommand using new function. (ensure_keyserver): Rewrite.
  * g10/dirmngr-conf.skel: Add two keyserver options.
  --
  This feature is independent of --use-tor and automagically uses Tor if available. The dirmngr.conf file needs to specify two keyservers to make this work. For new installations this is done using the skeleton file. This feature requires the Libassuan 2.4.2 to work. This patch also fixes a memory leak of opt.keyserver en passant.
  Signed-off-by: Werner Koch <[email protected]>
* http: Enhance parser to detect .onion addresses. | Werner Koch | 2015-12-02 | 3 | -33/+45
  * dirmngr/http.h (parsed_uri_s): Add flag 'onion'.
  * dirmngr/http.c (do_parse_uri): Set that flag.
  * dirmngr/t-http.c (main): Print flags.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Improve error handling. | Justus Winter | 2015-12-01 | 1 | -3/+2
  * dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before checking for errors, but silently ignore errors when looking up SRV records.
  --
  This is a follow-up to 946faaff.
  Signed-off-by: Justus Winter <[email protected]>
* Silence compiler warnings related to not using assuan_fd_t. | Werner Koch | 2015-11-27 | 1 | -2/+2
  * common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the declaration was already fixed by a previous change.
  * dirmngr/server.c (cmd_getinfo): Use assuan_fd_t.
  --
  Note that this matters only for Windows and it does not harm as long as we can only build for 32 bit Windows with sizeof(int)==sizeof(void*).
  Signed-off-by: Werner Koch <[email protected]>
* Avoid incompatible pointer assignment warnings on Windows. | Werner Koch | 2015-11-27 | 2 | -10/+11
  * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
  * dirmngr/server.c (data_line_cookie_write): Ditto.
  * sm/certdump.c (format_name_writer): Ditto.
  * sm/server.c (data_line_cookie_write): Ditto.
  * dirmngr/http.c (cookie_read, cookie_write): Ditto.
  --
  See the release notes of libgpg-error 1.15 for background info on gpgrt_ssize_t.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Avoid casting away a const from a char**. | Werner Koch | 2015-11-27 | 1 | -13/+38
  * dirmngr/ldap.c (start_cert_fetch_ldap): Do not use pointers from global variables.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Allow testing for a running Tor via "getinfo tor". | Werner Koch | 2015-11-27 | 1 | -2/+19
  * dirmngr/server.c (cmd_getinfo): Print an S line if Tor is not running.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Improve output of "getinfo tor". | Werner Koch | 2015-11-26 | 1 | -1/+7
  * dirmngr/server.c (cmd_getinfo): Print a message along with OK.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Let Libassuan employ nPth wrappers for connect. | Werner Koch | 2015-11-26 | 1 | -9/+0
  * dirmngr/http.c (my_unprotect, my_protect): Remove. (connect_server): Do not use these wrappers.
  --
  Since Libassuan version 2.4.2 the macro ASSUAN_SYSTEM_NPTH_IMPL protects the low-level connect calls with npth_unprotect and npth_protect. This is better than the high-level kludge we used here.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix http lookups when libadns is used. | Justus Winter | 2015-11-23 | 1 | -1/+1
  * dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port.
  --
  Previously, sin_port was set to zero, making connect fail.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Fix SRV record lookups when using the system resolver. | Justus Winter | 2015-11-23 | 1 | -2/+2
  * dirmngr/dns-stuff.c (getsrv): Fix error handling.
  --
  This fixes hkp server pools not using SRV records.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Honor ports specified in SRV records. | Justus Winter | 2015-11-23 | 1 | -14/+32
  * dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'. (create_new_hostinfo): Initialize 'port'. (add_host): Add host parameter and update the hosttable entry. (map_host): Return port if known, adjust calls to 'add_host'. (make_host_part): Let 'map_host' specify the port if known.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Support hkp server pools using SRV records. | Justus Winter | 2015-11-23 | 1 | -1/+46
  * dirmngr/ks-engine-hkp.c (map_host): Handle SRV records.
  --
  Signed-off-by: Justus Winter <[email protected]>
  GnuPG-bug-id: 1788
* dirmngr: Refactor 'map_host'. | Justus Winter | 2015-11-23 | 1 | -99/+110
  * dirmngr/ks-engine-hkp.c (add_host): New function. (map_host): Use the new function.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Fix pool detection. | Justus Winter | 2015-11-23 | 1 | -2/+2
  * dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Refactor 'map_host'. | Justus Winter | 2015-11-23 | 1 | -12/+21
  * dirmngr/ks-engine-hkp.c (arecords_is_pool): New function. (map_host): Use the new function.
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Start dirmngr on demand. | Justus Winter | 2015-11-23 | 1 | -130/+16
  * common/asshelp.h: Include 'util.h'.
  * dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect to the dirmngr. (start_dirmngr): Drop now unused declaration and function.
  --
  Signed-off-by: Justus Winter <[email protected]>
  GnuPG-bug-id: 1843
* dirmngr: Improve error handling. | Justus Winter | 2015-11-19 | 1 | -0/+1
  * dirmngr/crlcache.c (crl_cache_cert_isvalid): Add missing break.
  --
  Found using the Clang Static Analyzer.
  Signed-off-by: Justus Winter <[email protected]>