gpg: Screen keyserver responses.

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Screen keyserver responses.

* g10/main.h (import_screener_t): New.
* g10/import.c (import): Add screener callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (struct ks_retrieval_screener_arg_s): New.
(keyserver_retrieval_screener): New.
(keyserver_get): Pass screener to import_keys_es_stream().

These changes introduce import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring
that the keys fetched from the keyserver are in fact those selected by
the user beforehand.

This is an extended and fixed version of Stefan's patch. In addition
to the changes done in gnupg 2.0, namely the commits

5e933008beffbeae7255ece02383606481f9c169
044847a0e2013a2833605c1a9f80cfa6ef353309
088f82c0b5e39687f70e44d3ab719854e808eeb6

the symbol names have been changed to "screener" to avoid mixing them
up with the iobuf filter feature and it has been changed to be used
with the dirmngr based keyserver lookup.

Signed-off-by: Werner Koch <wk@gnupg.org>
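
The fingerprint screen the commit message describes can be sketched as follows. This is an added example, not code from the commit or from GnuPG: every name in it (`key_desc`, `screen_key`, `count_accepted`) is hypothetical, the fingerprints are constructed sample data, and it assumes 20-byte v4 fingerprints only.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for illustration; these are not GnuPG's definitions. */
enum desc_mode { DESC_FPR20, DESC_LONG_KID, DESC_SHORT_KID };

struct key_desc {
    enum desc_mode mode;
    unsigned char value[20];  /* first 20, 8 or 4 bytes are significant */
};

static size_t desc_len(enum desc_mode m)
{
    return m == DESC_FPR20 ? 20 : m == DESC_LONG_KID ? 8 : 4;
}

/* Return 0 if a returned key's v4 fingerprint matches any requested
 * descriptor, -1 if the key was never asked for and must not be imported. */
int screen_key(const unsigned char fpr[20],
               const struct key_desc *req, size_t nreq)
{
    for (size_t i = 0; i < nreq; i++) {
        size_t n = desc_len(req[i].mode);
        /* A v4 key ID is the trailing 8 (long) or 4 (short) bytes
         * of the 20-byte fingerprint. */
        if (memcmp(fpr + 20 - n, req[i].value, n) == 0)
            return 0;
    }
    return -1;
}

/* Constructed sample data: two keys in one keyserver response. The second
 * shares only its last four bytes with the first. */
static const unsigned char resp[2][20] = {
    { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,0xDE,0xAD,0xBE,0xEF },
    { 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,0xDE,0xAD,0xBE,0xEF },
};

/* Count how many keys of the response pass the screen. */
int count_accepted(const struct key_desc *req, size_t nreq)
{
    int n = 0;
    for (size_t i = 0; i < 2; i++)
        if (screen_key(resp[i], req, nreq) == 0)
            n++;
    return n;
}
```

A request made by full fingerprint or long key ID admits only the first sample key, while a request by short key ID admits both, so the screen is only as strict as the identifier the user supplied.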

Details

Provenance
werner authored on Aug 14 2014, 3:20 PM
Parents
rGa61b28df1f29: scd: Minor changes to app-sc-hsm.
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rGc23c18c1543d: gpg: Screen keyserver responses. (authored by Werner Koch <wk@gnupg.org>). Aug 14 2014, 3:21 PM