From 6e1c99bc397382f1ea2ba9d61a64328410adc95f Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Sat, 9 Nov 2019 11:29:59 +0100 Subject: gpgsm: Allow sepcification of ldaps servers. * sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps. * sm/gpgsm.c (parse_keyserver_line): Parse flags. * sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr. * dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags. * dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls. * dirmngr/dirmngr_ldap.c: New option --tls. (fetch_ldap): Make use of that option. -- There was no way to specify an LDAPS server in dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This patch fixes this. Eventually we should allow to replace host and port by a partial URI in the same way ldap_initialize does it. For backward compatibility we do not yet do that. Although the dirmngr code accepts an URL (eg. taken from a certificate), I can't see how the scheme was ever used. Thus the patch also detects an ldaps scheme and uses this. That part has not been tested, though. Signed-off-by: Werner Koch
---
 dirmngr/ldap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'dirmngr/ldap.c')
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index a04bb97a2..ad6b0889b 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -525,7 +525,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
 int argc = 0;
 int argc_malloced = 0;
 char portbuf[30], timeoutbuf[30];
-
+ int use_ldaps = 0;
 *context = NULL;
@@ -554,7 +554,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
 goto leave;
 }
 base = server->base;
-
+ use_ldaps = server->use_ldaps;
 }
 else /* Use a default server. */
 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
@@ -587,6 +587,8 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
 argv[argc++] = "--proxy";
 argv[argc++] = proxy;
 }
+ if (use_ldaps)
+ argv[argc++] = "--tls";
 if (host)
 {
 argv[argc++] = "--host";
-- cgit v1.2.3
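Review bot: The `--tls` argument added under `if (use_ldaps)` only asks the wrapper for an encrypted transport; nothing in this hunk shows whether dirmngr_ldap verifies the server certificate or aborts when TLS cannot be set up, so that should be confirmed in dirmngr_ldap.c before relying on the flag to protect any bind credentials and the query itself. It is also worth checking that `argv` (declared outside this hunk) still has room for the extra element, and that a server entry flagged for ldaps without an explicit port does not end up on the plain LDAP port. A short comment would help the next reader, for example `/* Server is flagged ldaps: have the wrapper connect over TLS. */`. The body of start_cert_fetch_ldap starts and ends outside the hunk.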