[git] GnuPG - branch, master, updated. gnupg-2.1.21-112-gda91d21
by Justus Winter
cvs at cvs.gnupg.org
Wed Jul 19 12:30:26 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via da91d2106a17c796ddb066a34db92d33b21c81f7 (commit)
via e7eabe66b6409c1f5225b751ea5c2d456a3856e6 (commit)
via 1ba220e68149fdb197accf4a15b0a11126c8b431 (commit)
via 46a4a0c0e77e19f9589088bb87357c33142c3f04 (commit)
via 73d4781e4595634548269bafe46aeb7674c5b219 (commit)
from 99791184ac4c7486ccdefc150b9921cd923428b9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit da91d2106a17c796ddb066a34db92d33b21c81f7
Author: Justus Winter <justus at g10code.com>
Date: Wed Jul 19 11:12:14 2017 +0200
dirmngr: Implement TLS over http proxies.
* dirmngr/http.c (send_request): If a http proxy is to be used, and we
want to use TLS, try to use the CONNECT method to get a connection to
the target server.
GnuPG-bug-id: 2940
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 25368bb..dea4c71 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1672,6 +1672,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
char *proxy_authstr = NULL;
char *authstr = NULL;
assuan_fd_t sock;
+ int have_http_proxy = 0;
if (hd->uri->use_tls && !hd->session)
{
@@ -1759,7 +1760,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
if (err)
;
else if (!strcmp (uri->scheme, "http"))
- ;
+ have_http_proxy = 1;
else if (!strcmp (uri->scheme, "socks4")
|| !strcmp (uri->scheme, "socks5h"))
err = gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
@@ -1810,6 +1811,94 @@ send_request (http_t hd, const char *httphost, const char *auth,
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
+#if USE_TLS
+ if (have_http_proxy && hd->uri->use_tls)
+ {
+ int saved_flags;
+ cookie_t cookie;
+
+ /* Try to use the CONNECT method to proxy our TLS stream. */
+ request = es_bsprintf
+ ("CONNECT %s:%hu HTTP/1.0\r\nHost: %s:%hu\r\n%s",
+ httphost ? httphost : server,
+ port,
+ httphost ? httphost : server,
+ port,
+ proxy_authstr ? proxy_authstr : "");
+ xfree (proxy_authstr);
+ proxy_authstr = NULL;
+
+ if (! request)
+ return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+
+ if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
+ log_debug_with_string (request, "http.c:request:");
+
+ cookie = xtrycalloc (1, sizeof *cookie);
+ if (! cookie)
+ {
+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+ xfree (request);
+ return err;
+ }
+ cookie->sock = my_socket_ref (hd->sock);
+ hd->write_cookie = cookie;
+
+ hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
+ if (! hd->fp_write)
+ {
+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+ my_socket_unref (cookie->sock, NULL, NULL);
+ xfree (cookie);
+ xfree (request);
+ hd->write_cookie = NULL;
+ return err;
+ }
+ else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write))
+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+
+ xfree (request);
+ request = NULL;
+
+ /* Make sure http_wait_response doesn't close the stream. */
+ saved_flags = hd->flags;
+ hd->flags &= ~HTTP_FLAG_SHUTDOWN;
+
+ /* Get the response. */
+ err = http_wait_response (hd);
+
+ /* Restore flags, destroy stream. */
+ hd->flags = saved_flags;
+ es_fclose (hd->fp_read);
+ hd->fp_read = NULL;
+ hd->read_cookie = NULL;
+
+ /* Reset state. */
+ hd->in_data = 0;
+
+ if (err)
+ return err;
+
+ if (hd->status_code != 200)
+ {
+ request = es_bsprintf
+ ("CONNECT %s:%hu",
+ httphost ? httphost : server,
+ port);
+
+ log_error (_("error accessing '%s': http status %u\n"),
+ request ? request : "out of core",
+ http_get_status_code (hd));
+
+ xfree (request);
+ return gpg_error (GPG_ERR_NO_DATA);
+ }
+
+ /* We are done with the proxy, the code below will establish a
+ * TLS session and talk directly to the target server. */
+ http_proxy = NULL;
+ }
+#endif /* USE_TLS */
#if HTTP_USE_NTBTLS
if (hd->uri->use_tls)
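Review bot: A failed write of the CONNECT request is lost: the `else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write))` branch stores the error in `err`, but `err = http_wait_response (hd);` a few lines later overwrites it, so the caller only sees what the read side reports. Adding `if (err) return err;` right after `request = NULL;` would report the real cause; whether `hd->fp_write` needs extra cleanup on that path depends on how the caller releases `hd`, which is outside the hunk. Separately, the `request` passed to `log_debug_with_string` includes `proxy_authstr`, which presumably carries the proxy credentials, so with `opt_debug` set they end up in the debug log; logging only the `CONNECT host:port` line would avoid that. send_request begins and ends outside this hunk.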
commit e7eabe66b6409c1f5225b751ea5c2d456a3856e6
Author: Justus Winter <justus at g10code.com>
Date: Wed Jul 19 11:10:26 2017 +0200
dirmngr: Log http response in debug mode.
* dirmngr/http.c (parse_response): Log http response in debug mode.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 29854b5..25368bb 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2344,7 +2344,7 @@ parse_response (http_t hd)
if (!len)
return GPG_ERR_EOF;
- if ((hd->flags & HTTP_FLAG_LOG_RESP))
+ if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_with_string (line, "http.c:response:\n");
}
while (!*line);
@@ -2389,7 +2389,7 @@ parse_response (http_t hd)
/* Trim line endings of empty lines. */
if ((*line == '\r' && line[1] == '\n') || *line == '\n')
*line = 0;
- if ((hd->flags & HTTP_FLAG_LOG_RESP))
+ if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_info ("http.c:RESP: '%.*s'\n",
(int)strlen(line)-(*line&&line[1]?2:0),line);
if (*line)
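Review bot: The second site in parse_response is now reached under `opt_debug` but still calls `log_info`, so debug-only output is emitted at info level while the first site uses `log_debug_with_string`; switching the call to `log_debug ("http.c:RESP: '%.*s'\n", ...)` would keep the two consistent. The logged text is the peer's response line, and with this change it reaches the log on every debug run, so it is worth confirming that the log functions escape control characters; that is not visible here. parse_response continues outside both hunks.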
commit 1ba220e68149fdb197accf4a15b0a11126c8b431
Author: Justus Winter <justus at g10code.com>
Date: Wed Jul 19 11:07:59 2017 +0200
dirmngr: Amend TLS handling.
* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
write cookie, not from the URI.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/http.c b/dirmngr/http.c
index b63beb6..29854b5 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1064,6 +1064,7 @@ http_wait_response (http_t hd)
{
gpg_error_t err;
cookie_t cookie;
+ int use_tls;
/* Make sure that we are in the data. */
http_start_data (hd);
@@ -1074,6 +1075,7 @@ http_wait_response (http_t hd)
if (!cookie)
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
+ use_tls = cookie->use_tls;
es_fclose (hd->fp_write);
hd->fp_write = NULL;
/* The close has released the cookie and thus we better set it to NULL. */
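Review bot: The read cookie's TLS mode now depends entirely on what the write cookie carried, and nothing at the `use_tls = cookie->use_tls;` line says why it must be sampled before `es_fclose (hd->fp_write)`. A comment such as `/* Save use_tls now; closing fp_write releases the write cookie. */` would make the ordering constraint explicit. The function comment could also state that a write cookie with `use_tls` unset causes the response to be read without TLS even for a TLS URI, since the CONNECT path in the newer commit appears to rely on exactly that. http_wait_response starts and ends outside these hunks.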
@@ -1092,7 +1094,7 @@ http_wait_response (http_t hd)
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
cookie->sock = my_socket_ref (hd->sock);
cookie->session = http_session_ref (hd->session);
- cookie->use_tls = hd->uri->use_tls;
+ cookie->use_tls = use_tls;
hd->read_cookie = cookie;
hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
commit 46a4a0c0e77e19f9589088bb87357c33142c3f04
Author: Justus Winter <justus at g10code.com>
Date: Wed Jul 19 12:12:49 2017 +0200
dirmngr: Fix connecting to http proxies.
* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
the target host to connect to the http proxy.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/http.c b/dirmngr/http.c
index b5b0e9d..b63beb6 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1788,7 +1788,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
err = connect_server (*uri->host ? uri->host : "localhost",
uri->port ? uri->port : 80,
- hd->flags, srvtag, timeout, &sock);
+ hd->flags, NULL, timeout, &sock);
http_release_parsed_uri (uri);
}
else
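Review bot: The bare `NULL` passed to connect_server in the proxy branch is not self-explanatory, and a later reader could change it back to `srvtag`. A one-line comment above the call, e.g. `/* srvtag describes the target host, not the proxy; do not pass it here. */`, would record the reason given in the commit message. The enclosing branch of send_request begins outside the hunk.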
commit 73d4781e4595634548269bafe46aeb7674c5b219
Author: Justus Winter <justus at g10code.com>
Date: Tue Jul 18 17:24:21 2017 +0200
dirmngr: Fix handling of proxy URIs.
* dirmngr/http.c (send_request): We do not support socks4.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 0cb2708..b5b0e9d 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1756,9 +1756,10 @@ send_request (http_t hd, const char *httphost, const char *auth,
if (err)
;
- else if (!strcmp (uri->scheme, "http") || !strcmp (uri->scheme, "socks4"))
+ else if (!strcmp (uri->scheme, "http"))
;
- else if (!strcmp (uri->scheme, "socks5h"))
+ else if (!strcmp (uri->scheme, "socks4")
+ || !strcmp (uri->scheme, "socks5h"))
err = gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
else
err = gpg_err_make (default_errsource, GPG_ERR_INV_URI);
-----------------------------------------------------------------------
Summary of changes:
dirmngr/http.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 99 insertions(+), 7 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org