[git] GnuPG - branch, master, updated. gnupg-2.1.2-43-gdc10d46
by Werner Koch
cvs at cvs.gnupg.org
Thu Mar 19 15:39:10 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via dc10d466bff53821f23d2cb4814c259d40c5d9c5 (commit)
from 28bb3ab686c1c994f67a92b6846b3726c58a0bc3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dc10d466bff53821f23d2cb4814c259d40c5d9c5
Author: Werner Koch <wk at gnupg.org>
Date: Thu Mar 19 15:37:05 2015 +0100
hkps: Fix host name verification when using pools.
* common/http.c (send_request): Set the requested host name for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
the selecting a host.
--
GnuPG-bug-id: 1792
Thanks to davidw for figuring out the problem.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/common/http.c b/common/http.c
index 50c0692..12e3fcb 100644
--- a/common/http.c
+++ b/common/http.c
@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
}
# if HTTP_USE_NTBTLS
- err = ntbtls_set_hostname (hd->session->tls_session, server);
+ err = ntbtls_set_hostname (hd->session->tls_session,
+ hd->session->servername);
if (err)
{
log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
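Review bot: The switch from `server` to `hd->session->servername` in the ntbtls_set_hostname call carries no comment saying which name is meant, and the place where servername is assigned is not visible in this hunk. Given the commit's subject, a comment such as `/* Send the name the caller requested (the pool name), not the selected pool member, so SNI matches the name checked against the certificate. */` would record the invariant for the next maintainer. It is also worth confirming that servername is always set before this point, since a NULL would be handed to the TLS library unchecked. send_request's body starts and ends outside the hunk.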
@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
# elif HTTP_USE_GNUTLS
rc = gnutls_server_name_set (hd->session->tls_session,
GNUTLS_NAME_DNS,
- server, strlen (server));
+ hd->session->servername
+ strlen (hd->session->servername));
if (rc < 0)
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
# endif /*HTTP_USE_GNUTLS*/
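Review bot: The new argument line `hd->session->servername` in the gnutls_server_name_set call is missing its trailing comma, so the HTTP_USE_GNUTLS build should fail to compile; it needs to read `hd->session->servername,` before `strlen (hd->session->servername));`. The same expression is passed to strlen without a NULL check, which is undefined behaviour if servername can be unset on this path (its assignment is outside the hunk). A failure of gnutls_server_name_set is only reported with log_info and the request appears to continue without SNI, so the later certificate host name check should be confirmed to fail closed in that case.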
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index ea607cb..0568094 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
hi = hosttable[idx];
if (hi->pool)
{
+ /* Deal with the pool name before selecting a host. */
+ if (r_poolname && hi->cname)
+ {
+ *r_poolname = xtrystrdup (hi->cname);
+ if (!*r_poolname)
+ return gpg_error_from_syserror ();
+ }
+
/* If the currently selected host is now marked dead, force a
re-selection . */
if (force_reselect)
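Review bot: Allocating `*r_poolname` this early means every later exit from map_host has to release it, and the two cleanups added in the following hunks (before both `return gpg_error (GPG_ERR_NO_KEYSERVER);`) call `xfree (*r_poolname)` whenever r_poolname is non-NULL, even when `hi->cname` was NULL or the host is not a pool and nothing was allocated. That is only safe if the function clears the output on entry, e.g. `if (r_poolname) *r_poolname = NULL;`, which is not visible in these hunks and should be confirmed. Any other return between this allocation and the final `*r_host = xtrystrdup (hi->name);` would need the same release. Since the free-and-clear pair is now repeated, a single `leave:` cleanup label would keep the paths from diverging.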
@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
if (hi->poolidx == -1)
{
log_error ("no alive host found in pool '%s'\n", name);
+ if (r_poolname)
+ {
+ xfree (*r_poolname);
+ *r_poolname = NULL;
+ }
return gpg_error (GPG_ERR_NO_KEYSERVER);
}
}
@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
if (hi->dead)
{
log_error ("host '%s' marked as dead\n", hi->name);
+ if (r_poolname)
+ {
+ xfree (*r_poolname);
+ *r_poolname = NULL;
+ }
return gpg_error (GPG_ERR_NO_KEYSERVER);
}
@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
*r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
}
- if (r_poolname && hi->pool && hi->cname)
- {
- *r_poolname = xtrystrdup (hi->cname);
- if (!*r_poolname)
- return gpg_error_from_syserror ();
- }
-
*r_host = xtrystrdup (hi->name);
if (!*r_host)
{
-----------------------------------------------------------------------
Summary of changes:
common/http.c | 6 ++++--
dirmngr/ks-engine-hkp.c | 25 ++++++++++++++++++-------
2 files changed, 22 insertions(+), 9 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org