Diffusion GnuPG 289fbc550d18

dirmngr: Fix CRL DP error fallback to other schemes.

Description

dirmngr: Fix CRL DP error fallback to other schemes.

* dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop.
Remove the unused issuername_uri stuff.

It is quite common that LDAP servers are blocked and thus the HTTP
access point should be used instead. This worked well for
certificates where the DP are given in this form:

crlDP: ldap://x500.bund.de/[...]
       http://x500.bund.de/[...]
       issuer: none

but it failed for this form

crlDP: ldap://x500.bund.de/[...]
       issuer: none
crlDP: http://x500.bund.de/[...]
       issuer: none

because the LAST_ERR thing terminated the outer loop. This patch
fixes this and also cleans up the code to be more robust.

Note that the common workaround of using --ignore-ldap-dp will now
only be needed if the firewall uses packet dropping instead of proper
ICMP rejects.
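
The fallback described in the commit message, as an added example that is not part of the commit and not dirmngr's code: a simplified model of the double loop over distribution points and their URIs. The names `reload_crl`, `fetch_crl` and `stop_outer_on_err`, the stub fetcher and the `crl.example` URIs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not dirmngr code: one CRL distribution point (DP)
   with up to two URIs, as in the two crlDP listings above.  */
struct dp { const char *uri[2]; };

/* Hypothetical fetcher: LDAP is rejected by a firewall, HTTP works.
   Returns 0 on success.  */
static int fetch_crl (const char *uri)
{
  return strncmp (uri, "http://", 7) == 0 ? 0 : -1;
}

/* Try every URI of every DP until one fetch succeeds.  With
   STOP_OUTER_ON_ERR set, a recorded error ends the outer loop, which
   models the failure the commit message describes.  Returns the URI
   that delivered the CRL, or NULL if no access point worked.  */
static const char *
reload_crl (const struct dp *dps, int ndps, int stop_outer_on_err)
{
  int last_err = 0;

  for (int i = 0; i < ndps && !(stop_outer_on_err && last_err); i++)
    for (int j = 0; j < 2 && dps[i].uri[j]; j++)
      {
        last_err = fetch_crl (dps[i].uri[j]);
        if (!last_err)
          return dps[i].uri[j];  /* Got a CRL; stop trying.  */
      }
  return NULL;  /* Caller must treat the revocation status as unknown.  */
}

/* Constructed sample data.  Form 1: one DP listing both schemes.
   Form 2: one DP per scheme.  */
static const struct dp form1[] = {{{ "ldap://crl.example/", "http://crl.example/" }}};
static const struct dp form2[] = {{{ "ldap://crl.example/", NULL }},
                                  {{ "http://crl.example/", NULL }}};

int main (void)
{
  const char *r;

  r = reload_crl (form1, 1, 1); printf ("form 1, old: %s\n", r ? r : "failed");
  r = reload_crl (form2, 2, 1); printf ("form 2, old: %s\n", r ? r : "failed");
  r = reload_crl (form2, 2, 0); printf ("form 2, new: %s\n", r ? r : "failed");
  return 0;
}
```
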

Details

Provenance
werner authored on Sep 16 2022, 4:45 PM
Parents
rGed1264e74b11: build: Update gpg-error.m4.