[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-28-g84419f4
by Werner Koch
cvs at cvs.gnupg.org
Wed Sep 10 10:37:51 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 84419f42da0fd436a9e0e669730157e74ce38b77 (commit)
from 3b20cc21de86ac8a475bdefd3aebb02a12fb8d0b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 84419f42da0fd436a9e0e669730157e74ce38b77
Author: Werner Koch <wk at gnupg.org>
Date: Wed Sep 10 10:37:48 2014 +0200
dirmngr: Support https for KS_FETCH.
* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
* dirmngr/misc.c (cert_log_cb): here.
* dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
and https.
--
Note that this requires that the root certificates are registered using
the --hkp-cacert option. Eventually we may introduce a separate
option to allow using different CAs for KS_FETCH and keyserver based
requests.
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 762ab4a..12b1778 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -880,40 +880,6 @@ ks_hkp_housekeeping (time_t curtime)
}
-/* Callback to print infos about the TLS certificates. */
-static void
-cert_log_cb (http_session_t sess, gpg_error_t err,
- const char *hostname, const void **certs, size_t *certlens)
-{
- ksba_cert_t cert;
- size_t n;
-
- (void)sess;
-
- if (!err)
- return; /* No error - no need to log anything */
-
- log_debug ("expected hostname: %s\n", hostname);
- for (n=0; certs[n]; n++)
- {
- err = ksba_cert_new (&cert);
- if (!err)
- err = ksba_cert_init_from_mem (cert, certs[n], certlens[n]);
- if (err)
- log_error ("error parsing cert for logging: %s\n", gpg_strerror (err));
- else
- {
- char textbuf[20];
- snprintf (textbuf, sizeof textbuf, "server[%u]", (unsigned int)n);
- dump_cert (textbuf, cert);
- }
-
- ksba_cert_release (cert);
- }
-}
-
-
-
/* Send an HTTP request. On success returns an estream object at
R_FP. HOSTPORTSTR is only used for diagnostics. If HTTPHOST is
not NULL it will be used as HTTP "Host" header. If POST_CB is not
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index aed3aaa..e4c2b78 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -38,6 +38,7 @@ ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
const char const data[] =
"Handler for HTTP URLs:\n"
" http://\n"
+ " https://\n"
"Supported methods: fetch\n";
gpg_error_t err;
@@ -58,11 +59,17 @@ gpg_error_t
ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
{
gpg_error_t err;
+ http_session_t session = NULL;
http_t http = NULL;
int redirects_left = MAX_REDIRECTS;
estream_t fp = NULL;
char *request_buffer = NULL;
+ err = http_session_new (&session, NULL);
+ if (err)
+ goto leave;
+ http_session_set_log_cb (session, cert_log_cb);
+
*r_fp = NULL;
once_more:
err = http_open (&http,
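Review bot: `*r_fp = NULL;` now runs after the new `http_session_new` call, so the `goto leave` taken on a session-creation failure returns with the caller's `*r_fp` never written. Moving the assignment above the new block, so that `*r_fp = NULL;` comes directly before `err = http_session_new (&session, NULL);`, keeps the output parameter defined on every exit path. That early `goto leave` also reaches `http_session_release (session)` with `session` still NULL, which is presumably a no-op but is worth confirming in http.c. The body of ks_http_fetch continues outside this hunk.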
@@ -72,7 +79,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
/* fixme: AUTH */ NULL,
0,
/* fixme: proxy*/ NULL,
- NULL, NULL,
+ session,
+ NULL,
/*FIXME curl->srvtag*/NULL);
if (!err)
{
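Review bot: The session handed to `http_open` here is the one created once above the `once_more:` label, so every redirected request reuses it, including a redirect to a different host. If an `http_session_t` carries per-connection TLS state (not visible on this page), the safer shape is to create it after the label and release it before each retry. Otherwise a comment such as `/* SESSION is reused for all redirects. */` next to the argument would record that the reuse is intended. The redirect code itself lies outside this hunk.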
@@ -112,6 +120,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
case 301:
case 302:
+ case 307:
{
const char *s = http_get_header (http, "Location");
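Review bot: With https now accepted, the redirect branch that `case 307:` joins should say what happens when `Location` moves an `https://` fetch to plain `http://`. Nothing visible in this hunk rejects that, but the handling of `s` continues outside it, so a check may already exist. If there is none, a key fetched via KS_FETCH can lose TLS protection without the caller noticing; comparing the scheme of the new URL with the original before retrying at `once_more` and returning an error on a downgrade closes that. At minimum a comment like `/* Note: a redirect may change the scheme. */` would document the current behaviour.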
@@ -157,6 +166,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
leave:
http_close (http, 0);
+ http_session_release (session);
xfree (request_buffer);
return err;
}
diff --git a/dirmngr/misc.c b/dirmngr/misc.c
index 0bca5ee..25652a2 100644
--- a/dirmngr/misc.c
+++ b/dirmngr/misc.c
@@ -384,6 +384,39 @@ cert_log_subject (const char *text, ksba_cert_t cert)
}
+/* Callback to print infos about the TLS certificates. */
+void
+cert_log_cb (http_session_t sess, gpg_error_t err,
+ const char *hostname, const void **certs, size_t *certlens)
+{
+ ksba_cert_t cert;
+ size_t n;
+
+ (void)sess;
+
+ if (!err)
+ return; /* No error - no need to log anything */
+
+ log_debug ("expected hostname: %s\n", hostname);
+ for (n=0; certs[n]; n++)
+ {
+ err = ksba_cert_new (&cert);
+ if (!err)
+ err = ksba_cert_init_from_mem (cert, certs[n], certlens[n]);
+ if (err)
+ log_error ("error parsing cert for logging: %s\n", gpg_strerror (err));
+ else
+ {
+ char textbuf[20];
+ snprintf (textbuf, sizeof textbuf, "server[%u]", (unsigned int)n);
+ dump_cert (textbuf, cert);
+ }
+
+ ksba_cert_release (cert);
+ }
+}
+
+
/****************
* Remove all %xx escapes; this is done inplace.
* Returns: New length of the string.
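Review bot: `cert` is declared without an initializer and `ksba_cert_release (cert)` runs on every iteration, including the one where `ksba_cert_new` failed; that is only safe if `ksba_cert_new` stores NULL on failure, which this page does not show. Declaring it inside the loop as `ksba_cert_t cert = NULL;` removes that dependency. The loop also overwrites the `err` parameter, so a local such as `gpg_error_t rc;` would keep the caller's error value intact for anyone extending the function. `hostname` goes straight into `%s`; if the http layer can pass NULL there, `hostname ? hostname : "[none]"` avoids undefined behaviour in the log call.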
diff --git a/dirmngr/misc.h b/dirmngr/misc.h
index 928bf78..2dc2985 100644
--- a/dirmngr/misc.h
+++ b/dirmngr/misc.h
@@ -68,6 +68,10 @@ void dump_string (const char *string);
TEXT. This is used for debugging. */
void dump_cert (const char *text, ksba_cert_t cert);
+/* Callback to print infos about the TLS certificates. */
+void cert_log_cb (http_session_t sess, gpg_error_t err,
+ const char *hostname, const void **certs, size_t *certlens);
+
/* Return the host name and the port (0 if none was given) from the
URL. Return NULL on error or if host is not included in the
URL. */
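Review bot: The comment on the new prototype does not describe the contract the implementation relies on: the callback logs only when `err` is nonzero, and `certs` must be a NULL-terminated array with `certlens` holding the matching lengths. I would extend it to `/* Callback to log the TLS certificate chain; does nothing unless ERR is set. CERTS is NULL terminated and CERTLENS holds the matching lengths. */`. The prototype also makes misc.h depend on `http_session_t`; if misc.h does not already include the header declaring it (not visible here), every file including misc.h has to pull that header in first.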
-----------------------------------------------------------------------
Summary of changes:
dirmngr/ks-engine-hkp.c | 34 ----------------------------------
dirmngr/ks-engine-http.c | 12 +++++++++++-
dirmngr/misc.c | 33 +++++++++++++++++++++++++++++++++
dirmngr/misc.h | 4 ++++
4 files changed, 48 insertions(+), 35 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org