* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--
For example a

  gpg -v --locate-external-keys dd9jn@posteo.net

now yields

  gpg: Note: server uses an invalid certificate
  gpg: (further info: bad cert for 'posteo.net': \
  Hostname does not match the certificate)
  gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
  gpg: error reading key: Wrong name

(without -v the "further info" line is not shown). Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses. Anyway, this helps to show the feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
estream_t fp = NULL;
char *request_buffer = NULL;
parsed_uri_t uri = NULL;
+ parsed_uri_t helpuri = NULL;
err = http_parse_uri (&uri, url, 0);
if (err)
}
if (err)
{
- /* Fixme: After a redirection we show the old host name. */
log_error (_("error connecting to '%s': %s\n"),
url, gpg_strerror (err));
+ if (gpg_err_code (err) == GPG_ERR_WRONG_NAME
+ && gpg_err_source (err) == GPG_ERR_SOURCE_TLS)
+ {
+ const char *errhostname;
+
+ http_release_parsed_uri (helpuri);
+ if (http_parse_uri (&helpuri, url, 0))
+ errhostname = url; /* On parse error we use the full URL. */
+ else
+ errhostname = helpuri->host? helpuri->host : "?";
+
+ dirmngr_status_printf (ctrl, "NOTE",
+ "tls_cert_error %u"
+ " bad cert for '%s': %s",
+ err, errhostname,
+ "Hostname does not match the certificate");
+ }
goto leave;
}
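Review bot: In the `errhostname = url` fallback the whole URL goes into the NOTE text, so any userinfo or query part of the URL is handed to the client and ends up in gpg's "further info" line, and neither it nor `helpuri->host` is escaped before being placed between the single quotes. Consider using the "?" placeholder in the fallback as well, and escaping the host name unless dirmngr_status_printf already does that. Separately, the condition matches only GPG_ERR_WRONG_NAME from GPG_ERR_SOURCE_TLS, while the ChangeLog entry says "bad TLS certificate" and the client-side string is the generic "server uses an invalid certificate"; either narrow the wording or add a comment that other certificate errors are intentionally not reported.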
http_session_release (session);
xfree (request_buffer);
http_release_parsed_uri (uri);
+ http_release_parsed_uri (helpuri);
return err;
}
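Review bot: helpuri is declared at function scope and released here at leave, but in the visible lines it is used only inside the GPG_ERR_WRONG_NAME block, which ends in `goto leave`. Declaring it inside that block and releasing it right after dirmngr_status_printf would keep its lifetime next to its only use, and would make the `http_release_parsed_uri (helpuri)` call before the parse unnecessary, since helpuri is still NULL at that point.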
numerical error code and an underscore; e.g.: "151011327_EOF".
*** WARNING <location> <error code> [<text>]
This is a generic warning status message, it might be followed by
- error location specific data. <error code> and <location>
- should not contain spaces. The error code is a either a string
- commencing with a letter or such a string prefixed with a
- numerical error code and an underscore; e.g.: "151011327_EOF".
+ error location specific data. <location> and <error code> may not
+ contain spaces. The <location> may be used to indicate a class of
+ warnings. The error code is a either a string commencing with a
+ letter or such a string prefixed with a numerical error code and
+ an underscore; e.g.: "151011327_EOF".
+*** NOTE <location> <error code> [<text>]
+ This is a generic info status message the same syntax as for
+ WARNING messages is used.
*** SUCCESS [<location>]
Positive confirmation that an operation succeeded. It is used
similar to ISO-C's EXIT_SUCCESS. <location> is optional but if
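Review bot: The error code description kept for WARNING and inherited by NOTE ("a string commencing with a letter or such a string prefixed with a numerical error code and an underscore") does not cover the first NOTE this patch emits, which prints a bare number via `"tls_cert_error %u"`; either allow a plain numeric code in the text or change the emitter. The NOTE entry should also say how a consumer is expected to treat a NOTE compared with a WARNING, and its sentence needs a full stop or semicolon after "message". The "is a either" typo carried over into the reflowed WARNING paragraph could be fixed in passing.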
gpg_error_t err = 0;
const char *s, *s2;
const char *warn;
+ int is_note = 0;
if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
{
err = gpg_error_from_syserror ();
}
}
- else if ((s = has_leading_keyword (line, "WARNING")))
+ else if ((s = has_leading_keyword (line, "WARNING"))
+ || (is_note = !!(s = has_leading_keyword (line, "NOTE"))))
{
if ((s2 = has_leading_keyword (s, "tor_not_running")))
warn = _("Tor is not running");
warn = _("unacceptable HTTP redirect from server");
else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup")))
warn = _("unacceptable HTTP redirect from server was cleaned up");
+ else if ((s2 = has_leading_keyword (s, "tls_cert_error")))
+ warn = _("server uses an invalid certificate");
else
warn = NULL;
if (warn)
{
- log_info (_("WARNING: %s\n"), warn);
+ if (is_note)
+ log_info (_("Note: %s\n"), warn);
+ else
+ log_info (_("WARNING: %s\n"), warn);
if (s2)
{
while (*s2 && !spacep (s2))
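Review bot: Setting is_note inside the `||` condition is correct only because of short-circuit evaluation and because is_note starts at 0 on each call; a separate test for "NOTE" ahead of the branch, or a small helper that returns both the remainder and the kind, would be easier to read and harder to break later. As written, every keyword in the chain (for example tor_not_running) is now also accepted under NOTE and printed with the "Note:" prefix; if that is intended, a short comment saying so would help.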