GpgME: No error on key export to invalid ldap keyserver url
Closed, ResolvedPublic

Authored By
timegrid
Fri, Jun 5, 3:14 PM

Description

During actium tests I encountered a problem with the gpgme export function (ctx.Export() in the go bindings) with export mode extern.
Given a broken ldap address in dirmngr.conf (e.g. keyserver ldap:doesnotexist::::), the function will happily return without any errors.
On console a gpg --send-keys will complain about it:

$ gpg --send-keys A7AC9BFA730300F81EC8C66C24E1242A9EE88FC7
gpg: sending key 24E1242A9EE88FC7 to ldap:doesnotexist
gpg: keyserver send failed: Cannot contact LDAP server
gpg: keyserver send failed: Cannot contact LDAP server

To reproduce with python bindings (same behaviour, no error):

import gpg
fpr = "A7AC9BFA730300F81EC8C66C24E1242A9EE88FC7"
with gpg.Context() as ctx:
    ctx.op_export(fpr, gpg.constants.EXPORT_MODE_EXTERN, None)

Details

Version
gpgme-2.1.0, actium 1.3.1

Event Timeline

timegrid triaged this task as Normal priority. (Fri, Jun 5, 3:14 PM)
timegrid created this task.
timegrid created this object in space Restricted Space.
timegrid created this object with visibility "g10code (Project)".
timegrid created this object with edit policy "g10code (Project)".

Always run gpg with --status-fd 2 to see if gpg actually reports any errors to gpgme.

Looks like it does:

$ gpg --status-fd 2 --send-keys EFA8D19C75B3A693FBF5AB44BAEFFAEB6961EDEC
gpg: sending key BAEFFAEB6961EDEC to ldap:doesnotexist
[GNUPG:] ERROR keyserver_send 767
gpg: keyserver send failed: Cannot contact LDAP server
[GNUPG:] FAILURE send-keys 767
gpg: keyserver send failed: Cannot contact LDAP server

Kleopatra reports an error.

And gpgme's run-export also seems to report an error:

$ tests/run-export --verbose --status --extern AEA84EDCF01AD86C4701C85C63113AE866587D0A
status_cb: KEY_CONSIDERED AEA84EDCF01AD86C4701C85C63113AE866587D0A 0
status_cb:  
keyid: 63113AE866587D0A  (fpr: AEA84EDCF01AD86C4701C85C63113AE866587D0A)
sending keys to keyserver
status_cb: ERROR keyserver_send 767
status_cb: FAILURE send-keys 767
status_cb:  
run-export: file /home/ingo/dev/g10/src/gpgme/tests/run-export.c line 245: <Unspecified source> Cannot contact LDAP server

tests/run-export tests against export_keys(). If I change the python script to use export_keys(), I also do get the error:

import gpg
fpr = "3DAC6A905F38A21BAC09A1659BD5E1B747CCE2E3"
with gpg.Context() as ctx:
    keylist = ctx.keylist(fpr)
    key = next(keylist)
    ctx.op_export_keys([key], gpg.constants.EXPORT_MODE_EXTERN, None)

Output:

gpg.errors.GPGMEError: gpgme_op_export_keys: Unspecified source: Cannot contact LDAP server

But currently actium is using export().
From what I understand in the docs, this should be fine and the error should be passed, right?

werner shifted this object from the Restricted Space space to the S1 Public space. (Mon, Jun 22, 4:06 PM)
werner changed the visibility from "g10code (Project)" to "Public (No Login Required)".
werner claimed this task.
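
An added example, not code from this task or from gpgme: a caller-side check that follows the --status-fd advice above by parsing the ERROR and FAILURE status lines quoted in this thread instead of trusting a silent return. The function names and the subprocess wrapper are assumptions for illustration; the value is split as gpg-error encodes it (source in bits 24-30, code in the low 16 bits), so 767 carries source 0, matching "Unspecified source" in the output above.

```python
import subprocess

# Status output copied from the gpg --status-fd 2 run quoted in this thread.
SAMPLE = """\
gpg: sending key BAEFFAEB6961EDEC to ldap:doesnotexist
[GNUPG:] ERROR keyserver_send 767
gpg: keyserver send failed: Cannot contact LDAP server
[GNUPG:] FAILURE send-keys 767
gpg: keyserver send failed: Cannot contact LDAP server
"""

def split_gpg_error(value):
    """Split a gpg-error value into (source, code)."""
    return (value >> 24) & 0x7F, value & 0xFFFF

def status_failures(stderr_text):
    """Return [(keyword, location, source, code)] for each ERROR/FAILURE status line."""
    found = []
    for line in stderr_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable diagnostics, not machine status
        fields = line.split()
        if len(fields) >= 4 and fields[1] in ("ERROR", "FAILURE"):
            try:
                value = int(fields[3])
            except ValueError:
                continue  # malformed status line, ignore
            found.append((fields[1], fields[2], *split_gpg_error(value)))
    return found

def send_key_checked(fpr, gpg_bin="gpg"):
    """Hypothetical wrapper: raise if the exit code or any status line signals failure."""
    proc = subprocess.run(
        [gpg_bin, "--batch", "--status-fd", "2", "--send-keys", fpr],
        capture_output=True, text=True)
    failures = status_failures(proc.stderr)
    if proc.returncode != 0 or failures:
        raise RuntimeError(f"send-keys failed: rc={proc.returncode} status={failures}")

if __name__ == "__main__":
    for item in status_failures(SAMPLE):
        print(item)
```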