rpm/gpg2
SHA256
1
0
Fork 0
forked from pool/gpg2
Code Pull Requests Activity

Accepting request 292435 from home:namtrac:branches:Base:System

Browse Source 
- Add hkps-fix-host-name-verification-when-using-pools.patch to
  fix hkps support w/ pools. Upstream commit dc10d46.

OBS-URL: https://build.opensuse.org/request/show/292435
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=98
This commit is contained in:
Andreas Stieger 2015-03-23 13:47:16 +00:00 committed by Git OBS Bridge
parent 53705b7c8f
commit 16ae325256
3 changed files with 112 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
gpg2.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Mar 23 11:48:24 UTC 2015 - idonmez@suse.com
- Add hkps-fix-host-name-verification-when-using-pools.patch to
fix hkps support w/ pools. Upstream commit dc10d46.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 19 15:56:12 UTC 2015 - astieger@suse.com Thu Mar 19 15:56:12 UTC 2015 - astieger@suse.com

2
gpg2.spec
View File

@ -34,6 +34,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch
Patch9: gnupg-detect_FIPS_mode.patch Patch9: gnupg-detect_FIPS_mode.patch
Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch
Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
Patch16: hkps-fix-host-name-verification-when-using-pools.patch
BuildRequires: expect BuildRequires: expect
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: gnutls-devel >= 3.0 BuildRequires: gnutls-devel >= 3.0
@ -82,6 +83,7 @@ gpg-agent, and a keybox library.
%patch9 -p1 %patch9 -p1
%patch11 -p1 %patch11 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1
%build %build
# build PIEs (position independent executables) for address space randomisation: # build PIEs (position independent executables) for address space randomisation:

104
hkps-fix-host-name-verification-when-using-pools.patch Normal file
View File

@ -0,0 +1,104 @@
From dc10d466bff53821f23d2cb4814c259d40c5d9c5 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 19 Mar 2015 15:37:05 +0100
Subject: [PATCH] hkps: Fix host name verification when using pools.
* common/http.c (send_request): Set the requested for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
the selecting a host.
--
GnuPG-bug-id: 1792
Thanks to davidw for figuring out the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
---
common/http.c | 6 ++++--
dirmngr/ks-engine-hkp.c | 25 ++++++++++++++++++-------
2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/common/http.c b/common/http.c
index 50c0692..12e3fcb 100644
--- a/common/http.c
+++ b/common/http.c
@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
}
# if HTTP_USE_NTBTLS
- err = ntbtls_set_hostname (hd->session->tls_session, server);
+ err = ntbtls_set_hostname (hd->session->tls_session,
+ hd->session->servername);
if (err)
{
log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
# elif HTTP_USE_GNUTLS
rc = gnutls_server_name_set (hd->session->tls_session,
GNUTLS_NAME_DNS,
- server, strlen (server));
+ hd->session->servername,
+ strlen (hd->session->servername));
if (rc < 0)
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
# endif /*HTTP_USE_GNUTLS*/
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index ea607cb..0568094 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
hi = hosttable[idx];
if (hi->pool)
{
+ /* Deal with the pool name before selecting a host. */
+ if (r_poolname && hi->cname)
+ {
+ *r_poolname = xtrystrdup (hi->cname);
+ if (!*r_poolname)
+ return gpg_error_from_syserror ();
+ }
+
/* If the currently selected host is now marked dead, force a
re-selection . */
if (force_reselect)
@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
if (hi->poolidx == -1)
{
log_error ("no alive host found in pool '%s'\n", name);
+ if (r_poolname)
+ {
+ xfree (*r_poolname);
+ *r_poolname = NULL;
+ }
return gpg_error (GPG_ERR_NO_KEYSERVER);
}
}
@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
if (hi->dead)
{
log_error ("host '%s' marked as dead\n", hi->name);
+ if (r_poolname)
+ {
+ xfree (*r_poolname);
+ *r_poolname = NULL;
+ }
return gpg_error (GPG_ERR_NO_KEYSERVER);
}
@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
*r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
}
- if (r_poolname && hi->pool && hi->cname)
- {
- *r_poolname = xtrystrdup (hi->cname);
- if (!*r_poolname)
- return gpg_error_from_syserror ();
- }
-
*r_host = xtrystrdup (hi->name);
if (!*r_host)
{
--
2.1.4