From bf1663c89ac492bb7aab692b0c0e9966953c883f Mon Sep 17 00:00:00 2001 From: Jonathan McDowell Date: Fri, 1 Nov 2013 21:51:09 -0700 Subject: [PATCH] Check that libcurl supports SSL if using HKPS with HKP backend Use CURL's runtime feature checking to ensure that we have support for SSL before trying to use a HKPS (HTTPS) remote keyserver with the HKP keydb backend. --- keydb_hkp.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/keydb_hkp.c b/keydb_hkp.c index 0c56dde..ac1edac 100644 --- a/keydb_hkp.c +++ b/keydb_hkp.c @@ -90,6 +90,20 @@ out: return ret; } +/** + * cleanupdb - De-initialize the key database. + * + * We cleanup CURL here. + */ +static void hkp_cleanupdb(void) +{ + if (curl) { + curl_easy_cleanup(curl); + curl = NULL; + } + curl_global_cleanup(); +} + /** * initdb - Initialize the key database. * @@ -97,6 +111,8 @@ out: */ static void hkp_initdb(bool readonly) { + curl_version_info_data *curl_info; + if (!hkp_parse_url(config.db_dir)) { exit(EXIT_FAILURE); } @@ -107,20 +123,17 @@ static void hkp_initdb(bool readonly) exit(EXIT_FAILURE); } curl_easy_setopt(curl, CURLOPT_USERAGENT, "onak/" ONAK_VERSION); -} -/** - * cleanupdb - De-initialize the key database. - * - * We cleanup CURL here. - */ -static void hkp_cleanupdb(void) -{ - if (curl) { - curl_easy_cleanup(curl); - curl = NULL; + if (strncmp(hkpbase, "https://", 8) == 0) { + curl_info = curl_version_info(CURLVERSION_NOW); + if (! (curl_info->features & CURL_VERSION_SSL)) { + logthing(LOGTHING_CRITICAL, + "CURL lacks SSL support; cannot use HKP url: %s", + hkpbase); + hkp_cleanupdb(); + exit(EXIT_FAILURE); + } } - curl_global_cleanup(); } /** -- 2.39.2