authorWerner Koch <wk@gnupg.org>2017-02-21 09:37:07 +0100
committerWerner Koch <wk@gnupg.org>2017-02-21 09:37:07 +0100
commit493c142e582ff5ef1b5fdfcb9653715ef43e83e9 (patch)
treecd404a685a10396849d38a9e795432c9d8e1a3e1 /dirmngr/t-http.c
parentdirmngr: Add a magic field to the http structs. (diff)
dirmngr: New Assuan option "http-crl".
* dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per-session basis. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'dirmngr/t-http.c')
-rw-r--r--dirmngr/t-http.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index c5bec898b..68818de7a 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@@ -199,6 +199,7 @@ main (int argc, char **argv)
unsigned int my_http_flags = 0;
int no_out = 0;
int tls_dbg = 0;
+ int no_crl = 0;
const char *cafile = NULL;
http_session_t session = NULL;
@@ -225,7 +226,8 @@ main (int argc, char **argv)
" --no-verify do not verify the certificate\n"
" --force-tls use HTTP_FLAG_FORCE_TLS\n"
" --force-tor use HTTP_FLAG_FORCE_TOR\n"
- " --no-out do not print the content\n",
+ " --no-out do not print the content\n"
+ " --no-crl do not consuilt a CRL\n",
stdout);
exit (0);
}
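Review bot: The added help line for `--no-crl` misspells "consult" as "consuilt"; it should read `" --no-crl do not consult a CRL\n",`. The text also omits the default: `no_crl` is initialised to 0 in the first hunk, so this tool leaves HTTP_FLAG_NO_CRL unset unless the option is given, while the commit message says dirmngr's default is not to use CRLs for https. Stating that in the help line would keep a t-http run from being read as representative of dirmngr's default revocation behaviour. The usage block begins outside this hunk.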
@@ -278,6 +280,11 @@ main (int argc, char **argv)
no_out = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--no-crl"))
+ {
+ no_crl = 1;
+ argc--; argv++;
+ }
else if (!strncmp (*argv, "--", 2))
{
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
@@ -298,7 +305,9 @@ main (int argc, char **argv)
#if HTTP_USE_NTBTLS
log_info ("new session.\n");
- err = http_session_new (&session, NULL, HTTP_FLAG_TRUST_DEF,
+ err = http_session_new (&session, NULL,
+ ((no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_DEF),
my_http_tls_verify_cb, NULL);
if (err)
log_error ("http_session_new failed: %s\n", gpg_strerror (err));
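Review bot: The flag expression `((no_crl? HTTP_FLAG_NO_CRL : 0) | HTTP_FLAG_TRUST_DEF)` is written out twice, here and in the `http_session_new` call of the next hunk, so what appear to be two build-time variants can drift apart when another session flag is added. Computing it once after option parsing, e.g. `unsigned int session_flags = HTTP_FLAG_TRUST_DEF | (no_crl? HTTP_FLAG_NO_CRL : 0);`, and passing `session_flags` to both calls keeps the revocation setting identical on both paths. main() begins and ends outside this hunk, so the declaration would sit with the other locals shown in the first hunk.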
@@ -313,7 +322,10 @@ main (int argc, char **argv)
http_register_tls_callback (verify_callback);
http_register_tls_ca (cafile);
- err = http_session_new (&session, NULL, HTTP_FLAG_TRUST_DEF, NULL, NULL);
+ err = http_session_new (&session, NULL,
+ ((no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_DEF),
+ NULL, NULL);
if (err)
log_error ("http_session_new failed: %s\n", gpg_strerror (err));
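Review bot: Nothing visible here shows that HTTP_FLAG_NO_CRL has any effect on this path: the session is created with a NULL verify callback, and the commit message names only `gnupg_http_tls_verify_cb` in dirmngr/http-ntbtls.c as the place that consults the flag. If that holds, `--no-crl` is accepted silently here without changing revocation checking, which can mislead anyone comparing test runs. A comment above the call such as `/* HTTP_FLAG_NO_CRL is only honoured by the NTBTLS verify callback. */`, or a `log_info` when `no_crl` is set on this path, would make that explicit; please confirm against http.c. The same question applies to the previous hunk, where the callback passed is `my_http_tls_verify_cb` rather than `gnupg_http_tls_verify_cb`.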