
Remove LDAP code duplication in dirmngr
Open, Normal, Public

Description

Due to rG51341badb623 we got two different ways to access LDAP servers in dirmngr:

  • For CRLs and general X.509 certificate retrieval we use our dirmngr_ldap helper, which has the advantage of not spoiling our process with another crypto library due to dependencies of OpenLDAP. Further, this code allows us to have a proper timeout even if it gets stuck in attribute retrieval.
  • For OpenPGP keyserver lookup and upload we use direct calls to the LDAP library. Thus no timeout but a slightly better performance for short and quick requests.

The helper process dirmngr_ldap is actually a good idea and I am in favor of keeping it - maybe allowing for a co-process model. For Windows we might opt for a direct linking, though.

Event Timeline

werner triaged this task as Normal priority. Mar 17 2023, 2:36 PM
werner created this task.
werner created this object with edit policy "Contributor (Project)".
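The timeout property the description attributes to the helper-process model, as an added example that is not part of this task and not GnuPG code: a parent on a POSIX system can always enforce a wall-clock limit on a child process, which it cannot do for a blocking library call made in its own process. The function name `run_helper_with_timeout`, the result codes, and the `true` and `sleep` commands standing in for a quick and a stuck helper are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { HELPER_TIMEOUT = -2, HELPER_ERROR = -1 };

/* Run argv[0] as a child process.  Returns its exit status (0..255),
   HELPER_TIMEOUT if it was killed after timeout_ms, or HELPER_ERROR. */
int run_helper_with_timeout(char *const argv[], int timeout_ms)
{
  pid_t pid = fork();
  if (pid < 0)
    return HELPER_ERROR;
  if (pid == 0) {
    execvp(argv[0], argv);
    _exit(127);                      /* exec failed */
  }

  struct timespec tick = { 0, 10 * 1000 * 1000 };  /* poll every 10 ms */
  int status;
  for (int waited = 0; ; waited += 10) {
    pid_t r = waitpid(pid, &status, WNOHANG);
    if (r == pid)
      break;                         /* helper finished on its own */
    if (r < 0 && errno != EINTR)
      return HELPER_ERROR;
    if (waited >= timeout_ms) {
      kill(pid, SIGKILL);            /* works even if the child is blocked */
      while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;                            /* reap it so no zombie is left */
      return HELPER_TIMEOUT;
    }
    nanosleep(&tick, NULL);
  }
  return WIFEXITED(status) ? WEXITSTATUS(status) : HELPER_ERROR;
}

int main(void)
{
  char *quick[] = { "true", NULL };         /* stand-in: server answers */
  char *stuck[] = { "sleep", "30", NULL };  /* stand-in: read never returns */
  return !(run_helper_with_timeout(quick, 2000) == 0
           && run_helper_with_timeout(stuck, 200) == HELPER_TIMEOUT);
}
```
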