* keyserver.c (keyserver_import_cert): Handle the IPGP CERT type for
authorDavid Shaw <dshaw@jabberwocky.com>
Fri, 17 Mar 2006 05:20:13 +0000 (05:20 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Fri, 17 Mar 2006 05:20:13 +0000 (05:20 +0000)
both the fingerprint alone, and fingerprint+URL cases.

* getkey.c (get_pubkey_byname): Minor cleanup.

g10/ChangeLog
g10/getkey.c
g10/keyserver.c

index d3df255..27a7c04 100644 (file)
@@ -1,3 +1,10 @@
+2006-03-16  David Shaw  <dshaw@jabberwocky.com>
+
+       * keyserver.c (keyserver_import_cert): Handle the IPGP CERT type
+       for both the fingerprint alone, and fingerprint+URL cases.
+
+       * getkey.c (get_pubkey_byname): Minor cleanup.
+
 2006-03-13  David Shaw  <dshaw@jabberwocky.com>
 
        * keyserver-internal.h, keyserver.c (keyserver_import_pka): Use
index 8594ad9..0a314c4 100644 (file)
@@ -917,7 +917,6 @@ get_pubkey_byname (PKT_public_key *pk,
 
   if (rc == G10ERR_NO_PUBKEY && is_valid_mailbox(name))
     {
-      int res;
       struct akl *akl;
 
       for(akl=opt.auto_key_locate;akl;akl=akl->next)
@@ -929,29 +928,29 @@ get_pubkey_byname (PKT_public_key *pk,
            {
            case AKL_CERT:
              glo_ctrl.in_auto_key_retrieve++;
-             res=keyserver_import_cert(name,&fpr,&fpr_len);
+             rc=keyserver_import_cert(name,&fpr,&fpr_len);
              glo_ctrl.in_auto_key_retrieve--;
 
-             if(res==0)
+             if(rc==0)
                log_info(_("Automatically retrieved `%s' via %s\n"),
                         name,"DNS CERT");
              break;
 
            case AKL_PKA:
              glo_ctrl.in_auto_key_retrieve++;
-             res=keyserver_import_pka(name,&fpr,&fpr_len);
+             rc=keyserver_import_pka(name,&fpr,&fpr_len);
 
-             if(res==0)
+             if(rc==0)
                log_info(_("Automatically retrieved `%s' via %s\n"),
                         name,"PKA");
              break;
 
            case AKL_LDAP:
              glo_ctrl.in_auto_key_retrieve++;
-             res=keyserver_import_ldap(name,&fpr,&fpr_len);
+             rc=keyserver_import_ldap(name,&fpr,&fpr_len);
              glo_ctrl.in_auto_key_retrieve--;
 
-             if(res==0)
+             if(rc==0)
                log_info(_("Automatically retrieved `%s' via %s\n"),
                         name,"LDAP");
              break;
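Review bot: The `AKL_PKA` case increments `glo_ctrl.in_auto_key_retrieve` but, unlike the `AKL_CERT` and `AKL_LDAP` cases around it, never decrements it after the import call. Every PKA lookup therefore leaves the counter one higher, and any code gated on it (not visible in this hunk) keeps behaving as if an automatic retrieval were still in progress. Since the commit already touches these lines, add `glo_ctrl.in_auto_key_retrieve--;` directly after `rc=keyserver_import_pka(name,&fpr,&fpr_len);`. The enclosing switch and loop begin and end outside the hunk.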
@@ -964,10 +963,10 @@ get_pubkey_byname (PKT_public_key *pk,
              if(opt.keyserver)
                {
                  glo_ctrl.in_auto_key_retrieve++;
-                 res=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
+                 rc=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
                  glo_ctrl.in_auto_key_retrieve--;
 
-                 if(res==0)
+                 if(rc==0)
                    log_info(_("Automatically retrieved `%s' via %s\n"),
                             name,opt.keyserver->uri);
                }
@@ -979,10 +978,10 @@ get_pubkey_byname (PKT_public_key *pk,
 
                keyserver=keyserver_match(akl->spec);
                glo_ctrl.in_auto_key_retrieve++;
-               res=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
+               rc=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
                glo_ctrl.in_auto_key_retrieve--;
 
-               if(res==0)
+               if(rc==0)
                  log_info(_("Automatically retrieved `%s' via %s\n"),
                           name,akl->spec->uri);
              }
@@ -996,7 +995,7 @@ get_pubkey_byname (PKT_public_key *pk,
             requirement as the URL might point to a key put in by an
             attacker.  By forcing the use of the fingerprint, we
             won't use the attacker's key here. */
-         if(res==0 && fpr)
+         if(rc==0 && fpr)
            {
              int i;
              char fpr_string[MAX_FINGERPRINT_LEN*2+1];
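Review bot: `fpr_string` is a fixed `MAX_FINGERPRINT_LEN*2+1` bytes, while this commit makes the CERT path fill `fpr`/`fpr_len` from a DNS record through `get_cert`, so the length is now influenced by remote data. The code that hex-encodes `fpr` into `fpr_string` lies below the hunk; it needs a runtime bound that cannot be compiled out, for example `if(fpr_len>MAX_FINGERPRINT_LEN) { rc=G10ERR_GENERAL; break; }`, before the buffer is written. A short comment at the declaration stating that `fpr_len` is untrusted at this point would help the next reader.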
index 30e8ae6..256691a 100644 (file)
@@ -1985,7 +1985,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
 {
   char *domain,*look,*url;
   IOBUF key;
-  int type,rc=-1;
+  int type,rc=G10ERR_GENERAL;
 
   look=xstrdup(name);
 
@@ -1993,7 +1993,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
   if(domain)
     *domain='.';
 
-  type=get_cert(look,max_cert_size,&key,NULL,NULL,&url);
+  type=get_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
   if(type==1)
     {
       int armor_status=opt.no_armor;
@@ -2008,21 +2008,34 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
 
       iobuf_close(key);
     }
-  else if(type==2)
+  else if(type==2 && *fpr)
     {
-      struct keyserver_spec *spec;
-
-      spec=parse_keyserver_uri(url,1,NULL,0);
-      if(spec)
+      /* We only consider the IPGP type if a fingerprint was provided.
+        This lets us select the right key regardless of what a URL
+        points to, or get the key from a keyserver. */
+      if(url)
        {
-         STRLIST list=NULL;
+         struct keyserver_spec *spec;
 
-         add_to_strlist(&list,url);
+         spec=parse_keyserver_uri(url,1,NULL,0);
+         if(spec)
+           {
+             STRLIST list=NULL;
 
-         rc=keyserver_fetch(list);
+             add_to_strlist(&list,url);
 
-         free_strlist(list);
-         free_keyserver_spec(spec);
+             rc=keyserver_fetch(list);
+
+             free_strlist(list);
+             free_keyserver_spec(spec);
+           }
+       }
+      else if(opt.keyserver)
+       {
+         /* If only a fingerprint is provided, try and fetch it from
+            our --keyserver */
+
+         rc=keyserver_import_fprint(*fpr,*fpr_len,opt.keyserver);
        }
 
       xfree(url);
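Review bot: With the new condition `else if(type==2 && *fpr)`, an IPGP record that carries a URL but no fingerprint skips this branch, and the only `xfree(url);` visible sits inside it, so the string allocated by `get_cert` appears to leak on that path (the function's tail is outside the hunk). Initialising it as `*url=NULL` in the declaration and moving `xfree(url);` below the if/else chain would cover every return type. It is also worth stating in the comment that the fingerprint and the URL come from the same DNS record, so the fingerprint check pins the fetched key to that record but does not authenticate the record itself. The `*fpr` test additionally relies on `get_cert` storing NULL when no fingerprint is present, which should be confirmed there.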