Check that libcurl supports SSL if using HKPS with HKP backend

Use CURL's runtime feature checking to ensure that we have support
for SSL before trying to use a HKPS (HTTPS) remote keyserver with
the HKP keydb backend.

diff --git a/keydb_hkp.c b/keydb_hkp.c
index 0c56dde5ddb9eeab15219c874269d6634838cbe5..ac1edace24617127c6cd6375c7241f493044e025 100644 (file)
--- a/keydb_hkp.c
+++ b/keydb_hkp.c
@@ -90,6 +90,20 @@ out:
        return ret;
 }
 
+/**
+ *     cleanupdb - De-initialize the key database.
+ *
+ *     We cleanup CURL here.
+ */
+static void hkp_cleanupdb(void)
+{
+       if (curl) {
+               curl_easy_cleanup(curl);
+               curl = NULL;
+       }
+       curl_global_cleanup();
+}
+
 /**
  *     initdb - Initialize the key database.
  *
@@ -97,6 +111,8 @@ out:
  */
 static void hkp_initdb(bool readonly)
 {
+       curl_version_info_data *curl_info;
+
        if (!hkp_parse_url(config.db_dir)) {
                exit(EXIT_FAILURE);
        }
@@ -107,20 +123,17 @@ static void hkp_initdb(bool readonly)
                exit(EXIT_FAILURE);
        }
        curl_easy_setopt(curl, CURLOPT_USERAGENT, "onak/" ONAK_VERSION);
-}
 
-/**
- *     cleanupdb - De-initialize the key database.
- *
- *     We cleanup CURL here.
- */
-static void hkp_cleanupdb(void)
-{
-       if (curl) {
-               curl_easy_cleanup(curl);
-               curl = NULL;
+       if (strncmp(hkpbase, "https://", 8) == 0) {
+               curl_info = curl_version_info(CURLVERSION_NOW);
+               if (! (curl_info->features & CURL_VERSION_SSL)) {
+                       logthing(LOGTHING_CRITICAL,
+                               "CURL lacks SSL support; cannot use HKP url: %s",
+                               hkpbase);
+                       hkp_cleanupdb();
+                       exit(EXIT_FAILURE);
+               }
        }
-       curl_global_cleanup();
 }
 
 /**