[mod_gnutls-devel] GnuTLSPGPKeyringFile?

Ramkumar Chinchani ramkumar.chinchani at gmail.com
Fri Mar 7 08:34:24 CET 2014


FYI.

Suggested a patch upstream [1] which should make this happen.

[1] http://lists.gnutls.org/pipermail/gnutls-devel/2014-March/006803.html



On Sun, Mar 2, 2014 at 8:25 AM, Ramkumar Chinchani <ramkumar.chinchani at gmail.com> wrote:

> Hi Benny,
>
> Thanks for the code review.
>
> The problem is that in the following code snippet in the function
> gnutls_openpgp_keyring_import()
>
>       do
>         {
>           err =
>             cdk_stream_read (input, raw_data + written, raw_len - written);
>
>           if (err > 0)
>             written += err;
>         }
>       while (written < raw_len && err != EOF && err > 0);
>
>
> "err" comes with EOF in the very first iteration because of the incorrect
> armor (base64 vs raw).
> And this failure appears to be silent, so there is no way of detecting the
> failure in the caller and trying a different armor.
>
>
>
>
> On Thu, Feb 27, 2014 at 8:11 AM, Benny Baumann <BenBE at geshi.org> wrote:
>
>> Hi,
>>
>> On 27.02.2014 08:35, Ramkumar Chinchani wrote:
>> > Is there a way to export the entire keyring? in base64 format?
>> gnupg exports all matching keys when given the --export option. Haven't
>> checked though yet how to export the full keyring at once.
>> >
>> > If not, then I am likely pointing GnuTLSPGPKeyringFile to
>> > ${HOME}/.gnupg/pubring.gpg which should be in RAW format?
>> >
>> >
>> > diff --git a/src/gnutls_config.c b/src/gnutls_config.c
>> > index 3300854..6b672f5 100644
>> > --- a/src/gnutls_config.c
>> > +++ b/src/gnutls_config.c
>> > @@ -509,7 +509,7 @@ const char *mgs_set_keyring_file(cmd_parms *
>> > parms, void *dummy,
>> >      }
>> >
>> >      rv = gnutls_openpgp_keyring_import(sc->pgp_list, &data,
>> > -            GNUTLS_OPENPGP_FMT_BASE64);
>> > +            GNUTLS_OPENPGP_FMT_RAW);
>> >      if (rv < 0) {
>> >          return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
>> >                  "Keyring File '%s': (%d) %s", file, rv,
>> >
>> >
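Review bot: The format argument to gnutls_openpgp_keyring_import() is changed outright from GNUTLS_OPENPGP_FMT_BASE64 to GNUTLS_OPENPGP_FMT_RAW, so a configuration whose GnuTLSPGPKeyringFile points at an ASCII-armored keyring would stop loading after this change. Consider accepting both: keep the existing BASE64 attempt, retry with GNUTLS_OPENPGP_FMT_RAW when it does not succeed, and return the "Failed to load Keyring File" error only when both attempts fail. Before relying on "rv < 0" to trigger the retry, confirm that the import actually returns an error on a format mismatch. The error string would also be more useful if it named the format that was tried.
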
>> I'd prefer if the old behaviour stays and it additionally allows for
>> binary keyrings to be loaded. That way you won't offend existing users
>> of this feature.
>>
>> Regards,
>> BenBE.
>>
>>
>
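
Because the wrong-armor case quoted above ends in a silent EOF, the caller cannot count on the return value to choose between GNUTLS_OPENPGP_FMT_BASE64 and GNUTLS_OPENPGP_FMT_RAW. One alternative is to inspect the first bytes of the file before importing; the following is an added example, not code from mod_gnutls, GnuTLS or anyone in this thread, with hypothetical function and enum names and constructed sample bytes.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical names; not part of mod_gnutls or GnuTLS. */
enum keyring_fmt { KEYRING_UNKNOWN = 0, KEYRING_ARMORED, KEYRING_BINARY };

/* Packet tag from the first octet of a binary OpenPGP stream (RFC 4880,
 * section 4.2), or -1 if the octet cannot be a packet header. */
static int openpgp_packet_tag(unsigned char first)
{
    if (!(first & 0x80))
        return -1;                /* bit 7 is always set in a header */
    if (first & 0x40)
        return first & 0x3f;      /* new format: tag in bits 5..0 */
    return (first >> 2) & 0x0f;   /* old format: tag in bits 5..2 */
}

/* Classify a keyring buffer so the caller can pick the import format.
 * Assumption: a binary keyring begins with a public-key packet (tag 6). */
enum keyring_fmt sniff_keyring_format(const unsigned char *buf, size_t len)
{
    static const char armor[] = "-----BEGIN PGP ";
    size_t i = 0;

    if (buf == NULL || len == 0)
        return KEYRING_UNKNOWN;   /* empty input: report it, do not import */
    if (openpgp_packet_tag(buf[0]) == 6)
        return KEYRING_BINARY;

    /* Armored data may be preceded by blank lines or other whitespace. */
    while (i < len && isspace(buf[i]))
        i++;
    if (len - i >= sizeof(armor) - 1 &&
        memcmp(buf + i, armor, sizeof(armor) - 1) == 0)
        return KEYRING_ARMORED;
    return KEYRING_UNKNOWN;       /* neither: fail loudly in the caller */
}

int main(void)
{
    /* Constructed samples: old-format public-key header and armor header. */
    const unsigned char raw[] = { 0x99, 0x01, 0x0d, 0x04 };
    const char asc[] = "\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n";

    return !(sniff_keyring_format(raw, sizeof raw) == KEYRING_BINARY &&
             sniff_keyring_format((const unsigned char *)asc,
                                  sizeof asc - 1) == KEYRING_ARMORED);
}
```

A caller would map KEYRING_ARMORED and KEYRING_BINARY to the two GnuTLS format constants and treat KEYRING_UNKNOWN as a configuration error instead of attempting an import.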

