[git] GnuPG - branch, master, updated. gnupg-2.1.17-89-g367349b
by NIIBE Yutaka
cvs at cvs.gnupg.org
Thu Jan 19 07:50:37 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 367349b4dcc97718f8ae1163d1389d2a46fc3453 (commit)
from 34fa2d79a07a079be472c3ff486debfdac8c6070 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 367349b4dcc97718f8ae1163d1389d2a46fc3453
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Thu Jan 19 15:39:55 2017 +0900
dirmngr: Add setup of CA for NTBTLS.
* dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by
ntbtls_set_ca_chain.
Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 75701ec..9457707 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -621,16 +621,93 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
#if HTTP_USE_NTBTLS
{
+ x509_cert_t ca_chain;
+ char line[256];
+ estream_t fp, mem_p;
+ size_t nread, nbytes;
+ struct b64state state;
+ void *buf;
+ size_t buflen;
+ char *pemname;
+
(void)tls_priority;
- /* ntbtls_set_debug (99, NULL, NULL); */
+ pemname = make_filename_try (gnupg_datadir (),
+ "sks-keyservers.netCA.pem", NULL);
+ if (!pemname)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("setting CA from file '%s' failed: %s\n",
+ pemname, gpg_strerror (err));
+ goto leave;
+ }
+
+ fp = es_fopen (pemname, "r");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("can't open '%s': %s\n", pemname, gpg_strerror (err));
+ xfree (pemname);
+ goto leave;
+ }
+ xfree (pemname);
+
+ mem_p = es_fopenmem (0, "r+b");
+ err = b64dec_start (&state, "CERTIFICATE");
+ if (err)
+ {
+ log_error ("b64dec failure: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ while ( (nread = es_fread (line, 1, DIM (line), fp)) )
+ {
+ err = b64dec_proc (&state, line, nread, &nbytes);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ break;
+
+ log_error ("b64dec failure: %s\n", gpg_strerror (err));
+ es_fclose (fp);
+ es_fclose (mem_p);
+ goto leave;
+ }
+ else if (nbytes)
+ es_fwrite (line, 1, nbytes, mem_p);
+ }
+ err = b64dec_finish (&state);
+ if (err)
+ {
+ log_error ("b64dec failure: %s\n", gpg_strerror (err));
+ es_fclose (fp);
+ es_fclose (mem_p);
+ goto leave;
+ }
+
+ es_fclose_snatch (mem_p, &buf, &buflen);
+ es_fclose (fp);
+
+ err = ntbtls_x509_cert_new (&ca_chain);
+ if (err)
+ {
+ log_error ("ntbtls_x509_new failed: %s\n", gpg_strerror (err));
+ xfree (buf);
+ goto leave;
+ }
+
+ err = ntbtls_x509_append_cert (ca_chain, buf, buflen);
+ xfree (buf);
err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
if (err)
{
log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
+ ntbtls_x509_cert_release (ca_chain);
goto leave;
}
+
+ err = ntbtls_set_ca_chain (sess->tls_session, ca_chain, NULL);
}
#elif HTTP_USE_GNUTLS
{
-----------------------------------------------------------------------
Summary of changes:
dirmngr/http.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 78 insertions(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list