* gpgkeys_ldap.c (main): Don't try and error out before making a ldaps
authorDavid Shaw <dshaw@jabberwocky.com>
Wed, 28 Jul 2004 02:36:45 +0000 (02:36 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Wed, 28 Jul 2004 02:36:45 +0000 (02:36 +0000)
connection to the NAI keyserver since we cannot tell if it is a NAI
keyserver until we connect.  Fail if we cannot find a base keyspace DN.
Fix a false success message for TLS being enabled.

keyserver/ChangeLog
keyserver/gpgkeys_ldap.c

index 1911b7e..e364daf 100644 (file)
@@ -1,3 +1,11 @@
+2004-07-27  David Shaw  <dshaw@jabberwocky.com>
+
+       * gpgkeys_ldap.c (main): Don't try and error out before making a
+       ldaps connection to the NAI keyserver since we cannot tell if it
+       is a NAI keyserver until we connect.  Fail if we cannot find a
+       base keyspace DN.  Fix a false success message for TLS being
+       enabled.
+
 2004-07-20  Werner Koch  <wk@gnupg.org>
 
        * gpgkeys_ldap.c [_WIN32]: Include Windows specific header files.
index a1c50f2..9db0026 100644 (file)
@@ -1699,38 +1699,28 @@ main(int argc,char *argv[])
 
   if(use_ssl)
     {
-      if(!real_ldap)
-       {
-         fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
-                 "not supported by the NAI LDAP keyserver");
-         fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
-         goto fail;
-       }
-      else
-       {
 #if defined(LDAP_OPT_X_TLS_HARD) && defined(HAVE_LDAP_SET_OPTION)
-         int ssl=LDAP_OPT_X_TLS_HARD;
-         err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
-         if(err!=LDAP_SUCCESS)
-           {
-             fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
-                     ldap_err2string(err));
-             fail_all(keylist,action,ldap_err_to_gpg_err(err));
-             goto fail;
-           }
-#else
+      int ssl=LDAP_OPT_X_TLS_HARD;
+      err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
+      if(err!=LDAP_SUCCESS)
+       {
          fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
-                 "not built with LDAPS support");
-         fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+                 ldap_err2string(err));
+         fail_all(keylist,action,ldap_err_to_gpg_err(err));
          goto fail;
-#endif
        }
+#else
+      fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
+             "not built with LDAPS support");
+      fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+      goto fail;
+#endif
     }
 
-  if((err=find_basekeyspacedn()))
+  if((err=find_basekeyspacedn()) || !basekeyspacedn)
     {
       fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
-             ldap_err2string(err));
+             err?ldap_err2string(err):"not found");
       fail_all(keylist,action,ldap_err_to_gpg_err(err));
       goto fail;
     }
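Review bot: In the new `!basekeyspacedn` case `err` is still zero, so `fail_all(keylist,action,ldap_err_to_gpg_err(err))` receives the translation of a successful LDAP result rather than a failure code. `ldap_err_to_gpg_err` is not visible here, but if it maps LDAP_SUCCESS to an OK status, every key would be reported as failed with a success code even though the message says "not found". Passing an explicit code for that case avoids the ambiguity: `fail_all(keylist,action,err?ldap_err_to_gpg_err(err):KEYSERVER_INTERNAL_ERROR);`. main() starts before and continues after this hunk.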
@@ -1761,10 +1751,11 @@ main(int argc,char *argv[])
          if(err==LDAP_SUCCESS)
            err=ldap_start_tls_s(ldap,NULL,NULL);
 
-         if(err!=LDAP_SUCCESS && use_tls>=2)
+         if(err!=LDAP_SUCCESS)
            {
-             fprintf(console,"gpgkeys: unable to start TLS: %s\n",
-                     ldap_err2string(err));
+             if(use_tls==2 || verbose>2)
+               fprintf(console,"gpgkeys: unable to start TLS: %s\n",
+                       ldap_err2string(err));
              /* Are we forcing it? */
              if(use_tls==3)
                {
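Review bot: With `use_tls==3` (TLS forced), a failed `ldap_start_tls_s` now reaches `goto fail` without printing the reason unless `verbose>2`, because the message guard is `use_tls==2 || verbose>2`; the removed code printed it for `use_tls>=2`. The forced case is where the user most needs to see why the connection was refused, so the guard should read `if(use_tls>=2 || verbose>2)`. A short comment above the check would also help, stating that for `use_tls` below 3 a TLS failure is not fatal at this point, since only the `use_tls==3` arm jumps to `fail`. The enclosing block starts before this hunk, and the `use_tls==3` branch finishes in the next one.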
@@ -1772,7 +1763,7 @@ main(int argc,char *argv[])
                  goto fail;
                }
            }
-         else if(verbose>1)
+         else if(err==LDAP_SUCCESS && verbose>1)
            fprintf(console,"gpgkeys: TLS started successfully.\n");
 #else
          if(use_tls>=2)
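Review bot: The added `err==LDAP_SUCCESS` test in `else if(err==LDAP_SUCCESS && verbose>1)` is redundant, assuming this `else` pairs with the `if(err!=LDAP_SUCCESS)` introduced in the previous hunk, since that arm is only reached when `err` is LDAP_SUCCESS. `else if(verbose>1)` expresses the same condition; the false-success fix itself comes from dropping `use_tls>=2` from the `if`. The `#else` branch continues past the end of this hunk.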