[mod_gnutls-devel] GnuTLSPGPKeyringFile?
Ramkumar Chinchani
ramkumar.chinchani at gmail.com
Sun Mar 2 09:25:55 CET 2014
Hi Benny,
Thanks for the code review.
The problem is that in the following code snippet in the function
gnutls_openpgp_keyring_import()
174 do
175 {
176 err =
177 cdk_stream_read (input, raw_data + written, raw_len -
written);
178
179 if (err > 0)
180 written += err;
181 }
182 while (written < raw_len && err != EOF && err > 0);
"err" comes with EOF in the very first iteration because of the incorrect
armor (base64 vs raw)
And this failure appears to be silent so there is no way of detecting the
failure in the caller and try a different armor.
On Thu, Feb 27, 2014 at 8:11 AM, Benny Baumann <BenBE at geshi.org> wrote:
> Hi,
>
> Am 27.02.2014 08:35, schrieb Ramkumar Chinchani:
> > Is there a way to export the entire keyring? in base64 format?
> gnupg exports all matching keys when given the --export option. Haven't
> checked though yet how to export the full keyring at once.
> >
> > If not, then I am likely pointing GnuTLSPGPKeyringFile to
> > ${HOME}/.gnupg/pubring.gpg which should be in RAW format?
> >
> >
> > diff --git a/src/gnutls_config.c b/src/gnutls_config.c
> > index 3300854..6b672f5 100644
> > --- a/src/gnutls_config.c
> > +++ b/src/gnutls_config.c
> > @@ -509,7 +509,7 @@ const char *mgs_set_keyring_file(cmd_parms *
> > parms, void *dummy,
> > }
> >
> > rv = gnutls_openpgp_keyring_import(sc->pgp_list, &data,
> > - GNUTLS_OPENPGP_FMT_BASE64);
> > + GNUTLS_OPENPGP_FMT_RAW);
> > if (rv < 0) {
> > return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
> > "Keyring File '%s': (%d) %s", file, rv,
> >
> >
> I'd prefer if the old behaviour stays and it additionally allows for
> binary keyrings to be loaded. That way you won't offend existing users
> of this feature.
>
> Regards,
> BenBE.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140302/ff4bbc40/attachment-0001.html>
More information about the mod_gnutls-devel
mailing list