g10, sm, dirmngr, common: Add comment for fall through.
[gnupg.git] / dirmngr / ks-engine-http.c
index a9399a1..02269da 100644 (file)
@@ -14,7 +14,7 @@
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
  */
 
 #include <config.h>
 gpg_error_t
 ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
 {
-  const char const data[] =
+  const char data[] =
     "Handler for HTTP URLs:\n"
     "  http://\n"
+#if  HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
+    "  https://\n"
+#endif
     "Supported methods: fetch\n";
   gpg_error_t err;
 
+#if  HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
+  const char data2[] = "  http\n  https";
+#else
+  const char data2[] = "  http";
+#endif
+
   if (!uri)
-    err = ks_print_help (ctrl, "  http");
+    err = ks_print_help (ctrl, data2);
   else if (uri->is_http && strcmp (uri->scheme, "hkp"))
     err = ks_print_help (ctrl, data);
   else
@@ -58,20 +67,36 @@ gpg_error_t
 ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
 {
   gpg_error_t err;
+  http_session_t session = NULL;
   http_t http = NULL;
   int redirects_left = MAX_REDIRECTS;
   estream_t fp = NULL;
   char *request_buffer = NULL;
 
-  *r_fp = NULL;
  once_more:
+  /* Note that we only use the system provided certificates with the
+   * fetch command.  */
+  err = http_session_new (&session, NULL,
+                          ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
+                           | HTTP_FLAG_TRUST_SYS),
+                          gnupg_http_tls_verify_cb, ctrl);
+  if (err)
+    goto leave;
+  http_session_set_log_cb (session, cert_log_cb);
+
+  *r_fp = NULL;
   err = http_open (&http,
                    HTTP_REQ_GET,
                    url,
+                   /* httphost */ NULL,
                    /* fixme: AUTH */ NULL,
-                   0,
-                   /* fixme: proxy*/ NULL,
-                   NULL, NULL,
+                   ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
+                    | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
+                    | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+                    | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
+                   ctrl->http_proxy,
+                   session,
+                   NULL,
                    /*FIXME curl->srvtag*/NULL);
   if (!err)
     {
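Review bot: `*r_fp = NULL;` now sits after the `http_session_new` call, so when session creation fails the `goto leave` path returns without ever writing to `*r_fp`. The callers are not visible here, but any caller that inspects or closes `*r_fp` after an error would then act on an uninitialised value. Keep the assignment ahead of the `once_more:` label as it was before this change, i.e. `*r_fp = NULL;` directly after the local declarations. The body of ks_http_fetch continues beyond this hunk.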
@@ -111,6 +136,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
 
     case 301:
     case 302:
+    case 307:
       {
         const char *s = http_get_header (http, "Location");
 
@@ -125,6 +151,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
                 url = request_buffer;
                 http_close (http, 0);
                 http = NULL;
+                http_session_release (session);
                 goto once_more;
               }
             err = gpg_error_from_syserror ();
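Review bot: After `http_session_release (session);` on the redirect path, `session` still holds the released pointer, whereas `http` is reset with `http = NULL;` two lines earlier. If the next `http_session_new` at `once_more` fails without overwriting its output argument (its implementation is not visible here), the `leave:` block in the last hunk releases the same session a second time. Add `session = NULL;` directly after the release, so both cleanup paths stay safe regardless of how `http_session_new` treats its out-parameter. The enclosing redirect branch starts and ends outside this hunk.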
@@ -156,6 +183,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
 
  leave:
   http_close (http, 0);
+  http_session_release (session);
   xfree (request_buffer);
   return err;
 }