
Fix addition of new GPG keys to LDAP
Closed, Resolved, Public

Description

When a new key is being added to an LDAP keyserver, dirmngr creates an LDAP object with only two attributes: pgpKey and pgpCertID. The rest of the attributes are silently dropped. I have submitted a patch: https://dev.gnupg.org/D475

Details

Version
2.2.15

Event Timeline

See also D475.

While looking at this I figured that ks-engine-ldap links in all the stuff we do not want (i.e. a second crypto library) and due to the way it has been ported from the old LDAP keyserver helper it does not make use of our LDAP infrastructure. Our LDAP code shall use the wrapper so that we don't run into linkage problems with libldap, avoid spreading the code with npth_unprotect/protect, and have a working timeout for all LDAP calls. I wonder why the stuff works at all.

werner claimed this task.

The code has been reworked to also support the updated schema which also stores the fingerprints and a parsed down mail address. See gnupg/doc/ldap/. These changes are in master and 2.2.26. Sorry for taking so long to fix that.