[git] GnuPG - branch, master, updated. gnupg-2.1.0-69-ge8c0ed7

by Werner Koch cvs at cvs.gnupg.org
Wed Dec 10 19:29:27 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e8c0ed779579293b3f4592d9337bc15ee0fc3fdd (commit)
       via  6d5f12834124ba5ee0e54261531abf95c36c116c (commit)
      from  5bf93f4ea7a11381dd256b5fd4e5913366828265 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e8c0ed779579293b3f4592d9337bc15ee0fc3fdd
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Dec 8 17:13:11 2014 +0100

    dirmngr: Improve dead host detection.
    
    * dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
    also for 2 other error messages.

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 0a86b5d..bd98eed 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1075,6 +1075,8 @@ handle_send_request_error (gpg_error_t err, const char *request,
     {
     case GPG_ERR_ECONNREFUSED:
     case GPG_ERR_ENETUNREACH:
+    case GPG_ERR_UNKNOWN_HOST:
+    case GPG_ERR_NETWORK:
       if (mark_host_dead (request) && *tries_left)
         retry = 1;
       break;
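Review bot: The new `case GPG_ERR_NETWORK:` label is broader than "host unreachable". In common/http.c, `send_request` returns `gpg_err_make (default_errsource, GPG_ERR_NETWORK)` for every failed TLS handshake, so, assuming that error reaches this switch, a single handshake failure now calls `mark_host_dead (request)`. Anyone able to disturb a handshake could then influence which pool hosts stay in use, so consider limiting this case to connect-level failures or documenting the choice above the labels, e.g. `/* GPG_ERR_NETWORK also covers TLS handshake failures from send_request. */`. The switch and the rest of handle_send_request_error lie outside the hunk.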

commit 6d5f12834124ba5ee0e54261531abf95c36c116c
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Dec 8 17:12:23 2014 +0100

    http: Improve diagnostic messages.
    
    * common/http.c (send_request): Print TLS alert info
    (connect_server): Detect bogus DNS entry.
    --
    
    1. Prints the TLS alert description.
    
    2. Detect case where the DNS returns an IP address but the server is
       not reachable at this address.  This may happen for a server which
       is reachable only at IPv6 but the local machine has no full
       IPv6 configuration.

diff --git a/common/http.c b/common/http.c
index f129010..50c0692 100644
--- a/common/http.c
+++ b/common/http.c
@@ -1574,7 +1574,21 @@ send_request (http_t hd, const char *httphost, const char *auth,
       while (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN);
       if (rc < 0)
         {
-          log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc));
+          if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED
+              || rc == GNUTLS_E_FATAL_ALERT_RECEIVED)
+            {
+              gnutls_alert_description_t alertno;
+              const char *alertstr;
+
+              alertno = gnutls_alert_get (hd->session->tls_session);
+              alertstr = gnutls_alert_get_name (alertno);
+              log_info ("TLS handshake failed: %s (alert %d)\n",
+                        alertstr, (int)alertno);
+              if (alertno == GNUTLS_A_UNRECOGNIZED_NAME && server)
+                log_info ("  (sent server name '%s')\n", server);
+            }
+          else
+            log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc));
           xfree (proxy_authstr);
           return gpg_err_make (default_errsource, GPG_ERR_NETWORK);
         }
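Review bot: `alertstr` is passed to `%s` in the new `log_info ("TLS handshake failed: %s (alert %d)\n", ...)` call without a NULL check, and `gnutls_alert_get_name` returns NULL for an alert number it does not know; that number is chosen by the peer. Pass `alertstr? alertstr : "unknown"` instead, unless the log formatter is known to tolerate a NULL string argument. The numeric `(int)alertno` is already printed, so the message stays useful for diagnosis either way. send_request's body starts and ends outside the hunk.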
@@ -2115,6 +2129,7 @@ connect_server (const char *server, unsigned short port,
   int sock = -1;
   int srvcount = 0;
   int hostfound = 0;
+  int anyhostaddr = 0;
   int srv, connected;
   int last_errno = 0;
   struct srventry *serverlist = NULL;
@@ -2221,6 +2236,7 @@ connect_server (const char *server, unsigned short port,
               return -1;
             }
 
+          anyhostaddr = 1;
           if (my_connect (sock, ai->ai_addr, ai->ai_addrlen))
             last_errno = errno;
           else
@@ -2274,6 +2290,7 @@ connect_server (const char *server, unsigned short port,
       /* Try all A records until one responds. */
       for (i = 0; host->h_addr_list[i] && !connected; i++)
         {
+          anyhostaddr = 1;
           memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
           if (my_connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
             last_errno = errno;
@@ -2290,17 +2307,23 @@ connect_server (const char *server, unsigned short port,
 
   if (!connected)
     {
+      if (!hostfound)
+        log_error ("can't connect to '%s': %s\n",
+                   server, "host not found");
+      else if (!anyhostaddr)
+        log_error ("can't connect to '%s': %s\n",
+                   server, "no IP address for host");
+      else
+        {
 #ifdef HAVE_W32_SYSTEM
-      log_error ("can't connect to '%s': %s%sec=%d\n",
-                   server,
-                   hostfound? "":"host not found",
-                   hostfound? "":" - ", (int)WSAGetLastError());
+        log_error ("can't connect to '%s': ec=%d\n",
+                   server, (int)WSAGetLastError());
 #else
-      log_error ("can't connect to '%s': %s\n",
-                 server,
-                 hostfound? strerror (last_errno):"host not found");
+        log_error ("can't connect to '%s': %s\n",
+                   server, strerror (last_errno));
 #endif
-      if (!hostfound)
+        }
+      if (!hostfound || (hostfound && !anyhostaddr))
         *r_host_not_found = 1;
       if (sock != -1)
 	sock_close (sock);
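Review bot: The test `if (!hostfound || (hostfound && !anyhostaddr))` near the end of the hunk is redundant; `if (!hostfound || !anyhostaddr)` is equivalent and makes it clearer when `*r_host_not_found` is set. The `log_error` calls inside the new `else { ... }` block sit at the same indent as its braces, which does not match the surrounding layout. In the `HAVE_W32_SYSTEM` branch the code still reads `WSAGetLastError ()` at report time while the other branch prints the saved `last_errno`; if any socket call runs in between, the logged code may not be the connect failure, so saving it next to `last_errno` would be more reliable. connect_server's body continues outside the hunk.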

-----------------------------------------------------------------------

Summary of changes:
 common/http.c           |   41 ++++++++++++++++++++++++++++++++---------
 dirmngr/ks-engine-hkp.c |    2 ++
 2 files changed, 34 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



