From 16ae3252567b1ea75fe76e89e1c16130578deea4f912d1b8a565ad954e1cb279 Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Mon, 23 Mar 2015 13:47:16 +0000
Subject: [PATCH] Accepting request 292435 from home:namtrac:branches:Base:System

- Add hkps-fix-host-name-verification-when-using-pools.patch to fix hkps support w/ pools. Upstream commit dc10d46.

OBS-URL: https://build.opensuse.org/request/show/292435
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=98
---
 gpg2.changes | 6 +
 gpg2.spec | 2 +
 ...t-name-verification-when-using-pools.patch | 104 ++++++++++++++++++
 3 files changed, 112 insertions(+)
 create mode 100644 hkps-fix-host-name-verification-when-using-pools.patch

diff --git a/gpg2.changes b/gpg2.changes
index 7a430c2..8b9a6bb 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 23 11:48:24 UTC 2015 - idonmez@suse.com
+
+- Add hkps-fix-host-name-verification-when-using-pools.patch to
+ fix hkps support w/ pools. Upstream commit dc10d46.
+
 -------------------------------------------------------------------
 Thu Mar 19 15:56:12 UTC 2015 - astieger@suse.com
 
diff --git a/gpg2.spec b/gpg2.spec
index 7a620eb..52e35c0 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -34,6 +34,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11: gnupg-add_legacy_FIPS_mode_option.patch
 Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
+Patch16: hkps-fix-host-name-verification-when-using-pools.patch
 BuildRequires: expect
 BuildRequires: fdupes
 BuildRequires: gnutls-devel >= 3.0
@@ -82,6 +83,7 @@ gpg-agent, and a keybox library.
 %patch9 -p1
 %patch11 -p1
 %patch15 -p1
+%patch16 -p1
 
 %build
 # build PIEs (position independent executables) for address space randomisation:
diff --git a/hkps-fix-host-name-verification-when-using-pools.patch b/hkps-fix-host-name-verification-when-using-pools.patch
new file mode 100644
index 0000000..8c59a16
--- /dev/null
+++ b/hkps-fix-host-name-verification-when-using-pools.patch
@@ -0,0 +1,104 @@
+From dc10d466bff53821f23d2cb4814c259d40c5d9c5 Mon Sep 17 00:00:00 2001
+From: Werner Koch
+Date: Thu, 19 Mar 2015 15:37:05 +0100
+Subject: [PATCH] hkps: Fix host name verification when using pools.
+
+* common/http.c (send_request): Set the requested for SNI.
+* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
+the selecting a host.
+--
+
+GnuPG-bug-id: 1792
+
+Thanks to davidw for figuring out the problem.
+
+Signed-off-by: Werner Koch
+---
+ common/http.c | 6 ++++--
+ dirmngr/ks-engine-hkp.c | 25 ++++++++++++++++++-------
+ 2 files changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/common/http.c b/common/http.c
+index 50c0692..12e3fcb 100644
+--- a/common/http.c
++++ b/common/http.c
+@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
+ }
+ 
+ # if HTTP_USE_NTBTLS
+- err = ntbtls_set_hostname (hd->session->tls_session, server);
++ err = ntbtls_set_hostname (hd->session->tls_session,
++ hd->session->servername);
+ if (err)
+ {
+ log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
+@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
+ # elif HTTP_USE_GNUTLS
+ rc = gnutls_server_name_set (hd->session->tls_session,
+ GNUTLS_NAME_DNS,
+- server, strlen (server));
++ hd->session->servername,
++ strlen (hd->session->servername));
+ if (rc < 0)
+ log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
+ # endif /*HTTP_USE_GNUTLS*/
+diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
+index ea607cb..0568094 100644
+--- a/dirmngr/ks-engine-hkp.c
++++ b/dirmngr/ks-engine-hkp.c
+@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ hi = hosttable[idx];
+ if (hi->pool)
+ {
++ /* Deal with the pool name before selecting a host. */
++ if (r_poolname && hi->cname)
++ {
++ *r_poolname = xtrystrdup (hi->cname);
++ if (!*r_poolname)
++ return gpg_error_from_syserror ();
++ }
++
+ /* If the currently selected host is now marked dead, force a
+ re-selection . */
+ if (force_reselect)
+@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ if (hi->poolidx == -1)
+ {
+ log_error ("no alive host found in pool '%s'\n", name);
++ if (r_poolname)
++ {
++ xfree (*r_poolname);
++ *r_poolname = NULL;
++ }
+ return gpg_error (GPG_ERR_NO_KEYSERVER);
+ }
+ }
+@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ if (hi->dead)
+ {
+ log_error ("host '%s' marked as dead\n", hi->name);
++ if (r_poolname)
++ {
++ xfree (*r_poolname);
++ *r_poolname = NULL;
++ }
+ return gpg_error (GPG_ERR_NO_KEYSERVER);
+ }
+ 
+@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ *r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
+ }
+ 
+- if (r_poolname && hi->pool && hi->cname)
+- {
+- *r_poolname = xtrystrdup (hi->cname);
+- if (!*r_poolname)
+- return gpg_error_from_syserror ();
+- }
+-
+ *r_host = xtrystrdup (hi->name);
+ if (!*r_host)
+ {
+-- 
+2.1.4
+
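Review bot: The new `xfree (*r_poolname)` calls on the no-alive-host and dead-host error paths in map_host free a pointer that this function has not necessarily assigned: the pool block writes `*r_poolname` only when `hi->cname` is non-NULL, and the `hi->dead` branch is also reached for non-pool hosts that never enter the pool block at all, so both frees are safe only if every caller pre-initializes `*r_poolname` to NULL before calling. GnuPG's callers presumably do this, but the contract is implicit; a one-line guard at function entry, `if (r_poolname) *r_poolname = NULL;`, would make the early-exit cleanup independent of caller discipline (the start of map_host is outside this hunk). In the common/http.c hunks the SNI name now comes from `hd->session->servername`, which is passed straight to `strlen`; if servername can still be unset when send_request runs with TLS, that is a NULL dereference rather than a graceful failure, so a short comment stating that servername is guaranteed set by this point (or a NULL check) would document the assumption. Both map_host and send_request begin and end outside the hunk.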