1. 05 Nov, 2016 1 commit
  2. 12 Aug, 2016 1 commit
    • Call log_set_prefix() with human-readable labels. · 61c2a1fa
      Daniel Kahn Gillmor authored
      * agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
      * dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
      * g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
      * tests/gpgscm/main.c, tools/gpg-check-pattern.c
      * tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
      * tools/symcryptrun.c: Invoke log_set_prefix() with
      human-readable labels.
      
      --
      
      Some invocations of log_set_prefix() were done with raw numeric values
      instead of values that humans can understand.  Use symbolic
      representations instead of numeric for better readability.
      Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  3. 26 Apr, 2016 1 commit
    • http: Allow to request system defined CAs for TLS. · fd765df6
      Werner Koch authored
      * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
      * dirmngr/http.c (http_session_new): Add arg "flags".
      * dirmngr/ks-engine-hkp.c (send_request): Use new flag
      HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
      * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
      * dirmngr/t-http.c (main): Ditto.
      --
      Signed-off-by: Werner Koch <wk@gnupg.org>
  4. 22 Jan, 2016 1 commit
    • dirmngr: Use sks-keyservers CA by default for the hkps pool. · afb86961
      Daniel Kahn Gillmor authored
      * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
      * dirmngr/http.c (http_session_new): Add optional arg
      intended_hostname and set a default cert.
      * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to
      http_session_new.
      --
      
      Ship the certificate for the sks-keyservers hkps pool.  If the user
      has specified that they want to use
      hkps://hkps.pool.sks-keyservers.net, and they have not specified any
      hkp-cacert explicitly, then initialize the trust path with this
      specific trust anchor.
      
      Co-authored-by: wk@gnupg.org
      Signed-off-by: Werner Koch <wk@gnupg.org>
  5. 02 Dec, 2015 1 commit
  6. 25 Oct, 2015 1 commit
    • dirmngr: Add workaround for broken getaddrinfo. · 5e7ac031
      Werner Koch authored
      * dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
      first resolving the CNAME.
      (get_dns_cname): New.
      
      * dirmngr/t-dns-stuff.c (main): Add option --cname.
      --
      
      At least the getaddrinfo implementation in glibc 2.19-13 from Debian
      returns EAI_NONAME if the CNAME points to a too long list of A/AAAA
      addresses.  Looking at the wire the data is correctly returned from
      the server but getaddrinfo seems to get confused by truncation and
      retry.  To fix this we resolve the CNAME again and call getaddrinfo
      again with the canonical name.
      Signed-off-by: Werner Koch <wk@gnupg.org>
  7. 21 Oct, 2015 1 commit
  8. 18 Oct, 2015 1 commit
    • Move http module from common/ to dirmngr/. · 5aa1b392
      Werner Koch authored
      * common/http.c: Move to ../dirmngr/.
      * common/http.h: Move to ../dirmngr/.
      * common/t-http.c: Move to ../dirmngr/.
      * common/tls-ca.pem: Move to ../dirmngr/.
      * common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
      Remove http.c related stuff.
      * po/POTFILES.in: Move http.c to dirmngr/.
      * dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
      (module_maint_tests): New.
      (noinst_PROGRAMS): Add module_maint_tests.
      (dirmngr_SOURCES): Add http.c and http.h.
      (dirmngr_LDADD): Remove libcommontlsnpth.
      (t_common_ldadd): Ditto.
      (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
      (t_ldap_parse_uri_SOURCES): Add http.c.
      (t_ldap_parse_uri_CFLAGS): Build without npth.
      ($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
      * dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
      --
      
      All network access is done via dirmngr and thus http.c should be
      there.
      Signed-off-by: Werner Koch <wk@gnupg.org>
  9. 18 Sep, 2015 1 commit
  10. 03 Oct, 2014 1 commit
  11. 02 Oct, 2014 1 commit
    • First changes for future use of NTBTLS. · f2361e6d
      Werner Koch authored
      * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
      (HTTP_USE_NTBTLS): New.  Prefer over GNUTLS.
      * m4/ntbtls.m4: New.
      * m4/Makefile.am (EXTRA_DIST): Add new file.
      * common/http.c: Add conditionals to eventually use NTBTLS.
      --
      
      This is only the configure stuff.  If you have NTBTLS installed GNUTLS
      will not be used but there won't be any https support either :-(.
      This patch is used to have a real world test bench for the forthcoming
      library.
  12. 18 Sep, 2014 2 commits
  13. 27 Aug, 2014 1 commit
  14. 26 Aug, 2014 1 commit
    • Switch to the libgpg-error provided estream. · 519305fe
      Werner Koch authored
      * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.14.
      (GPGRT_ENABLE_ES_MACROS): Define.
      (estream_INIT): Remove.
      * m4/estream.m4: Remove.
      * common/estream-printf.c, common/estream-printf.h: Remove.
      * common/estream.c, common/estream.h: Remove.
      * common/init.c (_init_common_subsystems): Call gpgrt initialization.
  15. 05 May, 2014 1 commit
    • http: Add reference counting to the session object. · ea0f5481
      Werner Koch authored
      * common/http.c (http_session_t): Add field "refcount".
      (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
      (send_request, my_npth_read, my_npth_write): Use SOCK object for the
      transport ptr.
      (http_session_release): Factor all code out to ...
      (session_unref): here.  Deref SOCK.
      (http_session_new): Init refcount and transport ptr.
      (http_session_ref): New.  Ref and unref all assignments.
      --
      
      Having the reference counted session objects makes it easier for the
      application to pass around only an estream.  Without that the
      application would need to implement an es_onclose machinery for the
      session object.
  16. 02 May, 2014 2 commits
    • http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. · 0e591956
      Werner Koch authored
      * common/http.c (http_parse_uri): Factor code out to ...
      (parse_uri): here.  Add arg FORCE_TLS.
      (do_parse_uri): Ditto.  Implement flag.
      (http_get_tls_info): New.
      (http_register_tls_ca): Allow clearing of the list.
      (send_request): Use a default verification function.
      * common/http.h (HTTP_FLAG_FORCE_TLS): New.
      * common/t-http.c (main): Add several command line options.
    • http: Revamp TLS API. · 8412a582
      Werner Koch authored
      * configure.ac (NEED_GNUTLS_VERSION): New.
      (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.
      
      * common/http.h (http_session_t): New.
      * common/http.c: Remove compatibility for gnutls < 3.0.
      (http_session_s): New.
      (cookie_s): Replace gnutls_session_t by http_session_t.
      (tls_callback, tls_ca_certlist): New variables.
      (my_socket_unref): Add preclose args.
      (my_npth_read, my_npth_write): New.
      (make_header_line): Fix bug using int* instead of char*.
      (http_register_tls_callback): New.
      (http_register_tls_ca): New.
      (http_session_new): New.
      (http_session_release): New.
      (http_get_header_names): New.
      (escape_data): Add hack to escape in forms mode.
      (send_request) [HTTP_USE_GNUTLS]: Support SNI.
      (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
      (send_gnutls_bye): New.
      (cookie_close): Make use of preclose feature.
      (http_verify_server_credentials): New.
      (main) [TEST]: Remove test code.
      * common/t-http.c: New.
      * common/tls-ca.pem: New.
      * common/Makefile.am (tls_sources): New. Move http code to here.
      (libcommontls_a_SOURCES): New.
      (libcommontlsnpth_a_SOURCES): New.
      (EXTRA_DIST): Add tls-ca.pem
      (module_maint_tests): Add t-http.
      (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
      
      * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
      --
      
      This new TLS API for http.c is much more flexible than the crude old
      hack.