| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (map_eai_to_gpg_error): Map EAI_NODATA and
EAI_ADDRFAMILY only if defined.
--
Reported-by: Christoph Moench-Tegeder <[email protected]>
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/misc.c (hexify_data): Add arg with_prefix. Adjust all
callers.
* dirmngr/crlcache.c (cache_isvalid): Print "0x" in front of the S/N.
--
GnuPG-bug-id: 1147
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (map_host): Fix setting of r_poolname.
--
map_host is intended to return the name of the pool as an additional
information. However this broke some time ago and a pool name was
only retrained if the pool name was retrieved from a DNS CNAME.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
* dirmngr/http.c (http_session_new): Add optional arg
intended_hostname and set a default cert.
* dirmngr/ks-engine-hkp.c (send_request): Pass httphost to
http_session_new.
--
Ship the certificate for the sks-keyservers hkps pool. If the user
has specified that they want to use
hkps://hkps.pool.sks-keyservers.net, and they have not specified any
hkp-cacert explicitly, then initialize the trust path with this
specific trust anchor.
Co-authored-by: [email protected]
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/t-dns-stuff.c (main): Do not print info during standard
"make check".
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to
avoid a warning when ADNS is not available.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as
it is unused if LDAP is used to search for keys.
--
This amends 6ac57a48.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver
responded with a '404 Not Found'.
* dirmngr/ks-engine-hkp.c (send_request): Return http status code.
(ks_hkp_search): Likewise.
(ks_hkp_{get,put}): Adapt call to 'send_request'.
* dirmngr/ks-engine.h (ks_hkp_search): Update prototype.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/ks-action.c (ks_action_search): Search all configured
keyservers for the given patterns.
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1038
|
| |
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (send_request): Handle status 501 and return
GPG_ERR_NOT_IMPLEMENTED.
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1221
|
| |
|
|
| |
* dirmngr/server.c (cmd_getinfo): Add sub-command "dnsinfo".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
* agent/gpg-agent.c (create_server_socket): Remove check for
libassuan >= 2.3.0 and >= 2.1.4.
(main): Remove check for libassuan >= 2.1.4.
* scd/scdaemon.c (create_server_socket): Remove check for
libassuan >= 2.1.4.
* dirmngr/dirmngr.c (set_tor_mode): Remove check for
libassuan >= 2.3.0.
* dirmngr/http.c (http_raw_connect, send_request): Remove checks for
libassuan >= 2.3.0.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--
This feature is independent of --use-tor and automagically uses Tor if
available. The dirmngr.conf file needs to specify two keyservers to
make this work. For new installations this is done using the skeleton
file. This feature requires the Libassuan 2.4.2 to work.
This patch also fixes a memory leak of opt.keyserver en passant.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/http.h (parsed_uri_s): Add flag 'onion'.
* dirmngr/http.c (do_parse_uri): Set that flag.
* dirmngr/t-http.c (main): Print flags.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before
checking for errors, but silently ignore errors when looking up SRV
records.
--
This is a follow-up to 946faaff.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the
declaration was already fixed by a previous change.
* dirmngr/server.c (cmd_getinfo): Use assuan_fd_t.
--
Note that this matters only for Windows and it does not harm as long
as we can only build for 32 bit Windows withsizeof(int)==sizeof(void*).
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
* dirmngr/server.c (data_line_cookie_write): Ditto.
* sm/certdump.c (format_name_writer): Ditto.
* sm/server.c (data_line_cookie_write): Ditto.
* dirmngr/http.c (cookie_read, cookie_write): Ditto.
--
See the release notes of libgpg-error 1.15 for background info on
gpgrt_ssize_t.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/ldap.c (start_cert_fetch_ldap): Do not use pointers from
global variables.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/server.c (cmd_getinfo): Print an S line if Tor is not
running.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* dirmngr/server.c (cmd_getinfo): Print a message along with OK.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.c (my_unprotect, my_protect): Remove.
(connect_server): Do not use these wrappers.
--
Since Libassuan version 2.4.2 the macro ASSUAN_SYSTEM_NPTH_IMPL
protects the low-level connect calls with npth_unprotect and
npth_protect. This is better than the high-level kludge we used here.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port.
--
Previously, sin_port was set to zero, making connect fail.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (getsrv): Fix error handling.
--
This fixes hkp server pools not using SRV records.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
(create_new_hostinfo): Initialize 'port'.
(add_host): Add host parameter and update the hosttable entry.
(map_host): Return port if known, adjust calls to 'add_host'.
(make_host_part): Let 'map_host' specify the port if known.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (map_host): Handle SRV records.
--
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1788
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (add_host): New function.
(map_host): Use the new function.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
| |
* dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (arecords_is_pool): New function.
(map_host): Use the new function.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* common/asshelp.h: Include 'util.h'.
* dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect
to the dirmngr.
(start_dirmngr): Drop now unused declaration and function.
--
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1843
|
| |
|
|
|
|
|
|
| |
* dirmngr/crlcache.c (crl_cache_cert_isvalid): Add missing break.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed
arguments.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.c (close_tls_session): New function.
(session_unref): Use the new function to close the TLS stream.
(cookie_read): If the stream terminated prematurely, close it and
return a short read.
--
With this patch, I was able to update all the keys in the Debian
keyring over hkps.
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1950
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable'
entry instead of creating another one.
--
Previously, if a keyserver was given using its IP address
(e.g. 'hkp://127.0.0.1'), 'map_host' would create two entries in the
'hosttable', one with the name '127.0.0.1', and the second one with
the name 'localhost' and 'v4addr' being set to '127.0.0.1'. But the
first entry is the one being used for lookups, and since the 'v4' flag
is not set, the 'HTTP_FLAG_IGNORE_IPv4' is used when doing the http
request, making it fail.
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 2012
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c: Include npth.h
(my_unprotect, my_protect): New wrapper.
(resolve_name_adns): Put unprotect/protect around adns calls.
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (oNameServer): New.
(opts): Add --nameserver.
(parse_rereadable_options): Act upon oNameServer.
* dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New.
(tor_nameserver): New.
(set_dns_nameserver): New.
(my_adns_init): Make name server configurable.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (tor_credentials): New.
(enable_dns_tormode): Add arg new_circuit and update tor_credentials.
(my_adns_init): Rework to set Tor mode using a config file options and
always use credentials.
* dirmngr/server.c (cmd_dns_cert): Improve error message.
* dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
--
Note that the option --new-circuit in t-dns-stuff is not really useful
because a new circuit is also used for the first call to the function.
Todo: We need to find a policy when to requrest a new curcuit and we
also need to add credentials to the assuan_sock_connect calls.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* configure.ac (HAVE_ADNS_FREE): New ac_define.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* common/util.h (zb32_encode): Move prototype to ...
* common/zb32.h: new. Include this for all callers of zb32_encode.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/crlcache.c (crl_parse_insert): Set error before leaping to
failure.
--
GnuPG-bug-id: 2082
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/dns-stuff.c: Include unistd.h.
(getsrv): Run srand only once.
* dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
and change output format.
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c: Replace all use of default_errsource.
(my_adns_init): Move to top.
(resolve_name_adns): New.
(resolve_dns_name) [USE_ADNS]: Divert to new func.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (is_onion_address): New.
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
(map_host): Special case onion addresses.
(ks_hkp_print_hosttable): Print an 'O' for an onion address.
* dirmngr/http.c (connect_server): Special case onion addresses.
--
Note that this requires the latest libassuan from git. Onion addresses
are always support regardless of the --use-tor flag.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
we require getaddrinfo anyway.
* dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
(map_eai_to_gpg_error) [W32]: Take care of unsupported codes.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
first resolving the CNAME.
(get_dns_cname): New.
* dirmngr/t-dns-stuff.c (main): Add option --cname.
--
At least the getaddrinfo implementation in glibc 2.19-13 from Debian
returns EAI_NONAME if the CNAME points to a too long list of A/AAAA
addresses. Looking at the wire the data is correctly returned from
the server but getaddrinfo seems to get confused by truncation and
retry. To fix this we resolve the CNAME again and call getaddrinfo
again with the canonical name.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* dirmngr/dns-stuff.c (resolve_name_standard): Use AI_ADDRCONFIG.
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (my_getnameinfo): Remove.
(map_host): Use resolve_dns_addr.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.h (DNS_NUMERICHOST): New.
(DNS_WITHBRACKET): New.
* dirmngr/dns-stuff.c (resolve_name_standard): Factor code out to...
(map_eai_to_gpg_error): new.
(resolve_addr_standard): New.
(resolve_dns_addr): New.
* dirmngr/ks-engine-hkp.c (is_ip_address): Move to ...
* dirmngr/dns-stuff.c (is_ip_address): here. Add support for non
bracketed v6 addresses.
* dirmngr/t-dns-stuff.c: Remove header netdb.h.
(main): Add option --bracket. Use resolve_dns_name instead of
getnameinfo.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
(my_adns_init): new.
(getsrv)[USE_ADNS]: Use my_adns_init.
(getsrv)[!USE_ADNS]: Return an error if Tor mode is active.
* dirmngr/t-dns-stuff.c: Add option --use-tor.
Signed-off-by: Werner Koch <[email protected]>
|
