author | Werner Koch <wk@gnupg.org> | 2015-09-18 16:17:11 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2015-09-18 16:21:31 +0200 |
commit | c091816b4a90d7eea6f8601ec1522a0a006794e8 (patch) | |
tree | 4f647e68dd1100ead3a44d0df7c490b5f6b6f88e /dirmngr/crlfetch.c | |
parent | gpg: Report a conflict between honor-keyserver-url and TOR. (diff) | |
dirmngr: Add option --use-tor as a stub.
* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.
* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the
http module.
* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--
More work is required to actually make --use-tor useful. For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'dirmngr/crlfetch.c')
-rw-r--r-- | dirmngr/crlfetch.c | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c index 3b3916a23..0f34e2794 100644 --- a/dirmngr/crlfetch.c +++ b/dirmngr/crlfetch.c @@ -196,8 +196,9 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader) } else err = http_open_document (&hd, url, NULL, - (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) - |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0), + ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) + |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0) + |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)), ctrl->http_proxy, NULL, NULL, NULL); switch ( err? 99999 : http_get_status_code (hd) ) @@ -289,6 +290,12 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader) "LDAP"); err = gpg_error (GPG_ERR_NOT_SUPPORTED); } + else if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("CRL access not possible due to TOR mode\n")); + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + } else { # if USE_LDAP @@ -309,12 +316,19 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader) gpg_error_t crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader) { + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("CRL access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } if (opt.disable_ldap) { log_error (_("CRL access not possible due to disabled %s\n"), "LDAP"); return gpg_error (GPG_ERR_NOT_SUPPORTED); } + #if USE_LDAP return attr_fetch_ldap (ctrl, issuer, "certificateRevocationList", reader); @@ -334,6 +348,12 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader) gpg_error_t ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn) { + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("CRL access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } if (opt.disable_ldap) { log_error (_("CRL access not possible due to disabled %s\n"), 
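Review bot: The flag expression passed to http_open_document in crl_fetch can now carry HTTP_FLAG_TRY_PROXY and HTTP_FLAG_FORCE_TOR together, with ctrl->http_proxy still supplied, and nothing here states which one takes precedence. The commit message says the http module does not implement Tor yet, so this hunk cannot show whether a request with the flag set fails or still goes out over a direct or proxied connection. A comment above the call would pin the contract, for example `/* HTTP_FLAG_FORCE_TOR: the http module must fail the request rather than fall back to a direct or proxied connection. */`. crl_fetch starts and ends outside the hunk.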
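Review bot: The new `else if (opt.use_tor)` branch in crl_fetch returns GPG_ERR_NOT_SUPPORTED for every CRL that would have been fetched through this branch, and the hunk does not show how callers treat that code. If a caller maps a failed fetch to "not revoked", Tor mode would quietly weaken revocation checking; this is an inference, since the callers are outside the hunk. I would widen the comment to `/* For now we do not support LDAP over TOR.  Callers must treat this as revocation status unknown, not as "not revoked". */`. The log text could also name the transport, as the neighbouring disabled-LDAP message does, so an operator can tell why HTTP CRLs still load while these do not.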
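Review bot: In crl_fetch_default the Tor guard is tested before `opt.disable_ldap`, whereas the crl_fetch hunk above tests the disabled-LDAP case first, so with both options set the logged reason differs between the two entry points. The same six added lines are also pasted verbatim into the ca_cert_fetch and start_cert_fetch hunks. A small static predicate shared by all three, placed consistently relative to the `opt.disable_ldap` check, would keep the order and the policy in one place; each caller can keep its own log text. A one-line comment such as `/* Tor mode takes precedence over --disable-ldap when reporting the reason. */` would document the chosen order if it is intentional.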
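Review bot: The added log text "CRL access not possible due to TOR mode" is reused in ca_cert_fetch here and in start_cert_fetch in the next hunk, although neither function fetches a CRL. In start_cert_fetch the adjacent disabled-LDAP message reads "certificate search not possible due to disabled %s", so the new line should be `log_error (_("certificate search not possible due to TOR mode\n"));`. For ca_cert_fetch the existing disabled-LDAP message also says "CRL access", so the new text matches its neighbour but still misdescribes the operation in the log; wording that names the CA certificate lookup would be clearer for anyone triaging Tor-mode failures. The body of ca_cert_fetch continues past the end of this hunk.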
@@ -355,6 +375,12 @@ gpg_error_t start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, strlist_t patterns, const ldap_server_t server) { + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("CRL access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } if (opt.disable_ldap) { log_error (_("certificate search not possible due to disabled %s\n"), |