gnupg/keyserver (5 files)

cvs user dshaw cvs at cvs.gnupg.org
Sat Feb 12 04:04:50 CET 2005


    Date: Saturday, February 12, 2005 @ 04:15:02
  Author: dshaw
    Path: /cvs/gnupg/gnupg/keyserver

Modified: ChangeLog curl-shim.c curl-shim.h gpgkeys_curl.c gpgkeys_ldap.c

* curl-shim.c (curl_easy_perform): Fix compile warning.

* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
ca-cert-file option, to pass in the SSL cert.


----------------+
 ChangeLog      |    5 +++++
 curl-shim.c    |    2 +-
 curl-shim.h    |    3 ++-
 gpgkeys_curl.c |   24 ++++++++++++++++++++++++
 gpgkeys_ldap.c |   35 +++++++++++++++++++++++++++++++++++
 5 files changed, 67 insertions(+), 2 deletions(-)


Index: gnupg/keyserver/ChangeLog
diff -u gnupg/keyserver/ChangeLog:1.112 gnupg/keyserver/ChangeLog:1.113
--- gnupg/keyserver/ChangeLog:1.112	Fri Feb 11 19:05:13 2005
+++ gnupg/keyserver/ChangeLog	Sat Feb 12 04:15:02 2005
@@ -1,5 +1,10 @@
 2005-02-11  David Shaw  <dshaw at jabberwocky.com>
 
+	* curl-shim.c (curl_easy_perform): Fix compile warning.
+
+	* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
+	ca-cert-file option, to pass in the SSL cert.
+
 	* curl-shim.h, curl-shim.c: New.  This is code to fake the curl
 	API in terms of the current HTTP iobuf API.
 
Index: gnupg/keyserver/curl-shim.c
diff -u gnupg/keyserver/curl-shim.c:1.1 gnupg/keyserver/curl-shim.c:1.2
--- gnupg/keyserver/curl-shim.c:1.1	Fri Feb 11 19:05:13 2005
+++ gnupg/keyserver/curl-shim.c	Sat Feb 12 04:15:02 2005
@@ -129,7 +129,7 @@
     }
   else
     {
-      size_t maxlen=1024,buflen,len;
+      unsigned int maxlen=1024,buflen,len;
       byte *line=NULL;
 
       while((len=iobuf_read_line(curl->hd.fp_read,&line,&buflen,&maxlen)))
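Review bot: The change from `size_t` to `unsigned int` at the declaration needs a one-line comment, because without one it reads as an arbitrary narrowing that a later cleanup could revert. The three variables are passed by address to `iobuf_read_line`, which presumably takes `unsigned *` parameters; if so, `size_t` objects on an LP64 platform would be only partly written by the callee, so this is more than a warning fix. Suggested comment: `/* iobuf_read_line() takes unsigned int pointers; do not widen these to size_t */`. The loop body is outside the hunk.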
Index: gnupg/keyserver/curl-shim.h
diff -u gnupg/keyserver/curl-shim.h:1.1 gnupg/keyserver/curl-shim.h:1.2
--- gnupg/keyserver/curl-shim.h:1.1	Fri Feb 11 19:05:13 2005
+++ gnupg/keyserver/curl-shim.h	Sat Feb 12 04:15:02 2005
@@ -42,7 +42,8 @@
     CURLOPT_STDERR,
     CURLOPT_VERBOSE,
     CURLOPT_SSL_VERIFYPEER,
-    CURLOPT_PROXY
+    CURLOPT_PROXY,
+    CURLOPT_CAINFO
   } CURLoption;
 
 typedef size_t (*write_func)(char *buffer,size_t size,
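Review bot: `CURLOPT_CAINFO` is added to the shim's enum, but the only curl-shim.c change in this commit is the one-line type fix in `curl_easy_perform`, so the shim's `curl_easy_setopt` appears to gain no case for the new option. On a build that uses the shim instead of libcurl, `ca-cert-file` would then be accepted and have no effect, which is easy to mistake for a restricted trust anchor. Either have the shim's `curl_easy_setopt` return an error for options it cannot honour, or say so on the enum. If the shim really does no certificate checking, a comment such as `CURLOPT_CAINFO /* accepted for source compatibility only; not acted on by the shim */` would do.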
Index: gnupg/keyserver/gpgkeys_curl.c
diff -u gnupg/keyserver/gpgkeys_curl.c:1.13 gnupg/keyserver/gpgkeys_curl.c:1.14
--- gnupg/keyserver/gpgkeys_curl.c:1.13	Fri Feb 11 19:05:13 2005
+++ gnupg/keyserver/gpgkeys_curl.c	Sat Feb 12 04:15:02 2005
@@ -158,6 +158,7 @@
   char *thekey=NULL;
   unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
   long follow_redirects=5,debug=0,check_cert=1;
+  char *ca_cert_file=NULL;
 
   console=stderr;
 
@@ -344,6 +345,26 @@
 	      else
 		check_cert=1;
 	    }
+	  else if(strncasecmp(start,"ca-cert-file",12)==0)
+	    {
+	      if(no)
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=NULL;
+		}
+	      else if(start[12]=='=')
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=strdup(&start[13]);
+		  if(!ca_cert_file)
+		    {
+		      fprintf(console,"gpgkeys: out of memory while creating "
+			      "ca_cert_file\n");
+		      ret=KEYSERVER_NO_MEMORY;
+		      goto fail;
+		    }
+		}
+	    }
 
 	  continue;
 	}
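Review bot: `ca-cert-file=` with nothing after the `=` reaches `strdup(&start[13])` and leaves `ca_cert_file` pointing at an empty string, which is non-NULL and is later handed to `CURLOPT_CAINFO` as a path. Reject the empty value in the branch condition, `else if(start[12]=='=' && start[13]!='\0')`, and print a message on `console` for that case and for `ca-cert-file` with no `=`, since both are otherwise ignored silently and the connection proceeds with the default trust settings. The 12-character `strncasecmp` also matches longer names (a constructed example: `ca-cert-filename`), which fall through silently as well. The identical block in gpgkeys_ldap.c (the `@@ -1776,6 +1777,26 @@` hunk) has the same gaps. The enclosing option loop in `main` starts and ends outside the hunk.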
@@ -406,6 +427,9 @@
 
   curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);
 
+  if(ca_cert_file)
+    curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
+
   if(proxy[0])
     curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
 
Index: gnupg/keyserver/gpgkeys_ldap.c
diff -u gnupg/keyserver/gpgkeys_ldap.c:1.49 gnupg/keyserver/gpgkeys_ldap.c:1.50
--- gnupg/keyserver/gpgkeys_ldap.c:1.49	Mon Jan 24 19:23:56 2005
+++ gnupg/keyserver/gpgkeys_ldap.c	Sat Feb 12 04:15:02 2005
@@ -1549,6 +1549,7 @@
   int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1;
   struct keylist *keylist=NULL,*keyptr=NULL;
   unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
+  char *ca_cert_file=NULL;
 
   console=stderr;
 
@@ -1776,6 +1777,26 @@
 	      else if(start[7]=='\0')
 		timeout=DEFAULT_KEYSERVER_TIMEOUT;
 	    }
+	  else if(strncasecmp(start,"ca-cert-file",12)==0)
+	    {
+	      if(no)
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=NULL;
+		}
+	      else if(start[12]=='=')
+		{
+		  free(ca_cert_file);
+		  ca_cert_file=strdup(&start[13]);
+		  if(!ca_cert_file)
+		    {
+		      fprintf(console,"gpgkeys: out of memory while creating "
+			      "ca_cert_file\n");
+		      ret=KEYSERVER_NO_MEMORY;
+		      goto fail;
+		    }
+		}
+	    }
 
 	  continue;
 	}
@@ -1787,6 +1808,20 @@
       return KEYSERVER_INTERNAL_ERROR;
     }
 
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE)
+  if(ca_cert_file)
+    {
+      err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file);
+      if(err!=LDAP_SUCCESS)
+	{
+	  fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
+		  ldap_err2string(err));
+	  ret=KEYSERVER_INTERNAL_ERROR;
+	  goto fail;
+	}
+    }
+#endif /* HAVE_LDAP_SET_OPTION && LDAP_OPT_X_TLS_CACERTFILE */
+
   /* SSL trumps TLS */
   if(use_ssl)
     use_tls=0;
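Review bot: When `HAVE_LDAP_SET_OPTION` or `LDAP_OPT_X_TLS_CACERTFILE` is not defined, the whole block compiles away and a supplied `ca-cert-file` is dropped without a message, so the user cannot tell that the CA they named is not being used. Add an `#else` branch that reports it, `if(ca_cert_file) fprintf(console,"gpgkeys: ca-cert-file is not supported in this build\n");`, or fail with an error code if falling back silently is not acceptable for a TLS trust setting. The call passes `NULL` as the handle, which sets a library-wide default. In OpenLDAP such defaults are, as far as I know, inherited by handles when they are created, so a short comment that this block must stay ahead of the LDAP handle setup would help. The setup itself is outside the hunk.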



