* curl-shim.c (curl_easy_perform): Fix compile warning.
authorDavid Shaw <dshaw@jabberwocky.com>
Sat, 12 Feb 2005 03:15:02 +0000 (03:15 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Sat, 12 Feb 2005 03:15:02 +0000 (03:15 +0000)
* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
ca-cert-file option, to pass in the SSL cert.

keyserver/ChangeLog
keyserver/curl-shim.c
keyserver/curl-shim.h
keyserver/gpgkeys_curl.c
keyserver/gpgkeys_ldap.c

index 0a0ab1a..5734e0c 100644 (file)
@@ -1,5 +1,10 @@
 2005-02-11  David Shaw  <dshaw@jabberwocky.com>
 
+       * curl-shim.c (curl_easy_perform): Fix compile warning.
+
+       * curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
+       ca-cert-file option, to pass in the SSL cert.
+
        * curl-shim.h, curl-shim.c: New.  This is code to fake the curl
        API in terms of the current HTTP iobuf API.
 
index 623d685..088d65f 100644 (file)
@@ -129,7 +129,7 @@ CURLcode curl_easy_perform(CURL *curl)
     }
   else
     {
-      size_t maxlen=1024,buflen,len;
+      unsigned int maxlen=1024,buflen,len;
       byte *line=NULL;
 
       while((len=iobuf_read_line(curl->hd.fp_read,&line,&buflen,&maxlen)))
index eb91af3..906d434 100644 (file)
@@ -42,7 +42,8 @@ typedef enum
     CURLOPT_STDERR,
     CURLOPT_VERBOSE,
     CURLOPT_SSL_VERIFYPEER,
-    CURLOPT_PROXY
+    CURLOPT_PROXY,
+    CURLOPT_CAINFO
   } CURLoption;
 
 typedef size_t (*write_func)(char *buffer,size_t size,
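Review bot: CURLOPT_CAINFO is added to the shim's option enum, but the only curl-shim.c change in this commit is in curl_easy_perform, so the shim's curl_easy_setopt presumably accepts the new option without acting on it. A build that uses the shim would then take `ca-cert-file` from the user and silently not apply it. After confirming this against curl_easy_setopt, which is outside this diff, I would document it on the enumerator, e.g. `CURLOPT_CAINFO /* accepted for source compatibility; not used by the shim */`.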
index 7c3dcb3..c2d51f2 100644 (file)
@@ -158,6 +158,7 @@ main(int argc,char *argv[])
   char *thekey=NULL;
   unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
   long follow_redirects=5,debug=0,check_cert=1;
+  char *ca_cert_file=NULL;
 
   console=stderr;
 
@@ -344,6 +345,26 @@ main(int argc,char *argv[])
              else
                check_cert=1;
            }
+         else if(strncasecmp(start,"ca-cert-file",12)==0)
+           {
+             if(no)
+               {
+                 free(ca_cert_file);
+                 ca_cert_file=NULL;
+               }
+             else if(start[12]=='=')
+               {
+                 free(ca_cert_file);
+                 ca_cert_file=strdup(&start[13]);
+                 if(!ca_cert_file)
+                   {
+                     fprintf(console,"gpgkeys: out of memory while creating "
+                             "ca_cert_file\n");
+                     ret=KEYSERVER_NO_MEMORY;
+                     goto fail;
+                   }
+               }
+           }
 
          continue;
        }
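Review bot: `ca-cert-file=` with nothing after the `=` passes the `start[12]=='='` test, so `strdup(&start[13])` stores an empty, non-NULL string that the later `if(ca_cert_file)` check treats as a configured CA file. How the TLS library handles an empty path is not visible here, so it is safer to reject it at parse time with `else if(start[12]=='=' && start[13]!='\0')`. The identical block added to gpgkeys_ldap.c (the hunk at -1776) has the same gap. A name that merely begins with `ca-cert-file` is also swallowed silently, because only the first 12 characters are compared. main's body continues outside this hunk.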
@@ -406,6 +427,9 @@ main(int argc,char *argv[])
 
   curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);
 
+  if(ca_cert_file)
+    curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
+
   if(proxy[0])
     curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
 
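Review bot: The result of `curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file)` is discarded, so if the library rejects the option the transfer presumably proceeds against its default trust store rather than the CA file the user named. The LDAP helper in this same commit checks `ldap_set_option` and bails out with KEYSERVER_INTERNAL_ERROR, and the curl helper should be consistent with that. I would write `if(ca_cert_file && curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file)!=CURLE_OK)`, followed by a message to `console` and `goto fail`. main's body starts and ends outside this hunk.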
index d6b280a..94c6fb6 100644 (file)
@@ -1549,6 +1549,7 @@ main(int argc,char *argv[])
   int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1;
   struct keylist *keylist=NULL,*keyptr=NULL;
   unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
+  char *ca_cert_file=NULL;
 
   console=stderr;
 
@@ -1776,6 +1777,26 @@ main(int argc,char *argv[])
              else if(start[7]=='\0')
                timeout=DEFAULT_KEYSERVER_TIMEOUT;
            }
+         else if(strncasecmp(start,"ca-cert-file",12)==0)
+           {
+             if(no)
+               {
+                 free(ca_cert_file);
+                 ca_cert_file=NULL;
+               }
+             else if(start[12]=='=')
+               {
+                 free(ca_cert_file);
+                 ca_cert_file=strdup(&start[13]);
+                 if(!ca_cert_file)
+                   {
+                     fprintf(console,"gpgkeys: out of memory while creating "
+                             "ca_cert_file\n");
+                     ret=KEYSERVER_NO_MEMORY;
+                     goto fail;
+                   }
+               }
+           }
 
          continue;
        }
@@ -1787,6 +1808,20 @@ main(int argc,char *argv[])
       return KEYSERVER_INTERNAL_ERROR;
     }
 
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE)
+  if(ca_cert_file)
+    {
+      err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file);
+      if(err!=LDAP_SUCCESS)
+       {
+         fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
+                 ldap_err2string(err));
+         ret=KEYSERVER_INTERNAL_ERROR;
+         goto fail;
+       }
+    }
+#endif /* HAVE_LDAP_SET_OPTION && LDAP_OPT_X_TLS_CACERTFILE */
+
   /* SSL trumps TLS */
   if(use_ssl)
     use_tls=0;
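Review bot: When the LDAP library lacks HAVE_LDAP_SET_OPTION or LDAP_OPT_X_TLS_CACERTFILE, this whole block compiles away and a `ca-cert-file` supplied by the user is dropped without any message. The connection is then validated, if at all, against whatever CA configuration the library defaults to, which may trust more than the user intended. An `#else` branch would make that visible: `if(ca_cert_file) fprintf(console,"gpgkeys: ca-cert-file is not supported by this LDAP library\n");`. Whether this should only warn or fail with KEYSERVER_INTERNAL_ERROR is a policy choice worth stating in a comment. main's body starts and ends outside this hunk.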