/* Get the key from URL which is expected to specify a http style scheme. On success R_FP has an open stream to read the data. */ gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) { gpg_error_t err; http_session_t session = NULL; http_t http = NULL; int redirects_left = MAX_REDIRECTS; estream_t fp = NULL; char *request_buffer = NULL; err = http_session_new (&session, NULL); if (err) goto leave; http_session_set_log_cb (session, cert_log_cb); *r_fp = NULL; once_more: err = http_open (&http, HTTP_REQ_GET, url, /* httphost */ NULL, /* fixme: AUTH */ NULL, 0, /* fixme: proxy*/ NULL, session, NULL, /*FIXME curl->srvtag*/NULL); if (!err) { fp = http_get_write_ptr (http); /* Avoid caches to get the most recent copy of the key. We set both the Pragma and Cache-Control versions of the header, so we're good with both HTTP 1.0 and 1.1. */ es_fputs ("Pragma: no-cache\r\n" "Cache-Control: no-cache\r\n", fp); http_start_data (http); if (es_ferror (fp)) err = gpg_error_from_syserror (); } if (err) { /* Fixme: After a redirection we show the old host name. */ log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err)); goto leave; } /* Wait for the response. */ dirmngr_tick (ctrl); err = http_wait_response (http); if (err) { log_error (_("error reading HTTP response for '%s': %s\n"), url, gpg_strerror (err)); goto leave; } switch (http_get_status_code (http)) { case 200: err = 0; break; /* Success. */ case 301: case 302: case 307: { const char *s = http_get_header (http, "Location"); log_info (_("URL '%s' redirected to '%s' (%u)\n"), url, s?s:"[none]", http_get_status_code (http)); if (s && *s && redirects_left-- ) { xfree (request_buffer); request_buffer = xtrystrdup (s); if (request_buffer) { url = request_buffer; http_close (http, 0); http = NULL; goto once_more; } err = gpg_error_from_syserror (); } else err = gpg_error (GPG_ERR_NO_DATA); log_error (_("too many redirections\n")); } goto leave; default: log_error (_("error accessing '%s': http status %u\n"), url, http_get_status_code (http)); err = gpg_error (GPG_ERR_NO_DATA); goto leave; } fp = http_get_read_ptr (http); if (!fp) { err = gpg_error (GPG_ERR_BUG); goto leave; } /* Return the read stream and close the HTTP context. */ *r_fp = fp; http_close (http, 1); http = NULL; leave: http_close (http, 0); http_session_release (session); xfree (request_buffer); return err; }
/* Send an HTTP request. On success returns an estream object at R_FP. HOSTPORTSTR is only used for diagnostics. If HTTPHOST is not NULL it will be used as HTTP "Host" header. If POST_CB is not NULL a post request is used and that callback is called to allow writing the post data. */ static gpg_error_t send_request (ctrl_t ctrl, const char *request, const char *hostportstr, const char *httphost, unsigned int httpflags, gpg_error_t (*post_cb)(void *, http_t), void *post_cb_value, estream_t *r_fp) { gpg_error_t err; http_session_t session = NULL; http_t http = NULL; int redirects_left = MAX_REDIRECTS; estream_t fp = NULL; char *request_buffer = NULL; *r_fp = NULL; err = http_session_new (&session, NULL); if (err) goto leave; http_session_set_log_cb (session, cert_log_cb); once_more: err = http_open (&http, post_cb? HTTP_REQ_POST : HTTP_REQ_GET, request, httphost, /* fixme: AUTH */ NULL, (httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)), ctrl->http_proxy, session, NULL, /*FIXME curl->srvtag*/NULL); if (!err) { fp = http_get_write_ptr (http); /* Avoid caches to get the most recent copy of the key. We set both the Pragma and Cache-Control versions of the header, so we're good with both HTTP 1.0 and 1.1. */ es_fputs ("Pragma: no-cache\r\n" "Cache-Control: no-cache\r\n", fp); if (post_cb) err = post_cb (post_cb_value, http); if (!err) { http_start_data (http); if (es_ferror (fp)) err = gpg_error_from_syserror (); } } if (err) { /* Fixme: After a redirection we show the old host name. */ log_error (_("error connecting to '%s': %s\n"), hostportstr, gpg_strerror (err)); goto leave; } /* Wait for the response. */ dirmngr_tick (ctrl); err = http_wait_response (http); if (err) { log_error (_("error reading HTTP response for '%s': %s\n"), hostportstr, gpg_strerror (err)); goto leave; } if (http_get_tls_info (http, NULL)) { /* Update the httpflags so that a redirect won't fallback to an unencrypted connection. */ httpflags |= HTTP_FLAG_FORCE_TLS; } switch (http_get_status_code (http)) { case 200: err = 0; break; /* Success. */ case 301: case 302: case 307: { const char *s = http_get_header (http, "Location"); log_info (_("URL '%s' redirected to '%s' (%u)\n"), request, s?s:"[none]", http_get_status_code (http)); if (s && *s && redirects_left-- ) { xfree (request_buffer); request_buffer = xtrystrdup (s); if (request_buffer) { request = request_buffer; http_close (http, 0); http = NULL; goto once_more; } err = gpg_error_from_syserror (); } else err = gpg_error (GPG_ERR_NO_DATA); log_error (_("too many redirections\n")); } goto leave; default: log_error (_("error accessing '%s': http status %u\n"), request, http_get_status_code (http)); err = gpg_error (GPG_ERR_NO_DATA); goto leave; } /* FIXME: We should register a permanent redirection and whether a host has ever used TLS so that future calls will always use TLS. */ fp = http_get_read_ptr (http); if (!fp) { err = gpg_error (GPG_ERR_BUG); goto leave; } /* Return the read stream and close the HTTP context. */ *r_fp = fp; http_close (http, 1); http = NULL; leave: http_close (http, 0); http_session_release (session); xfree (request_buffer); return err; }
/* Map the host name NAME to the actual to be used host name. This * allows us to manage round robin DNS names. We use our own strategy * to choose one of the hosts. For example we skip those hosts which * failed for some time and we stick to one host for a time * independent of DNS retry times. If FORCE_RESELECT is true a new * host is always selected. If SRVTAG is NULL no service record * lookup will be done, if it is set that service name is used. The * selected host is stored as a malloced string at R_HOST; on error * NULL is stored. If we know the port used by the selected host from * a service record, a string representation is written to R_PORTSTR, * otherwise it is left untouched. If R_HTTPFLAGS is not NULL it will * receive flags which are to be passed to http_open. If R_HTTPHOST * is not NULL a malloced name of the host is stored there; this might * be different from R_HOST in case it has been selected from a * pool. */ static gpg_error_t map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, enum ks_protocol protocol, char **r_host, char *r_portstr, unsigned int *r_httpflags, char **r_httphost) { gpg_error_t err = 0; hostinfo_t hi; int idx; dns_addrinfo_t aibuf, ai; int is_pool; int new_hosts = 0; char *cname; *r_host = NULL; if (r_httpflags) *r_httpflags = 0; if (r_httphost) *r_httphost = NULL; /* No hostname means localhost. */ if (!name || !*name) { *r_host = xtrystrdup ("localhost"); return *r_host? 0 : gpg_error_from_syserror (); } /* See whether the host is in our table. */ idx = find_hostinfo (name); if (idx == -1) { idx = create_new_hostinfo (name); if (idx == -1) return gpg_error_from_syserror (); hi = hosttable[idx]; hi->onion = is_onion_address (name); } else hi = hosttable[idx]; is_pool = hi->pool != NULL; if (srvtag && !is_ip_address (name) && ! hi->onion && ! (hi->did_srv_lookup & 1 << protocol)) { struct srventry *srvs; unsigned int srvscount; /* Check for SRV records. */ err = get_dns_srv (name, srvtag, NULL, &srvs, &srvscount); if (err) { if (gpg_err_code (err) == GPG_ERR_ECONNREFUSED) tor_not_running_p (ctrl); return err; } if (srvscount > 0) { int i; if (! is_pool) is_pool = srvscount > 1; for (i = 0; i < srvscount; i++) { err = resolve_dns_name (srvs[i].target, 0, AF_UNSPEC, SOCK_STREAM, &ai, &cname); if (err) continue; dirmngr_tick (ctrl); add_host (name, is_pool, ai, protocol, srvs[i].port); new_hosts = 1; } xfree (srvs); } hi->did_srv_lookup |= 1 << protocol; } if (! hi->did_a_lookup && ! hi->onion) { /* Find all A records for this entry and put them into the pool list - if any. */ err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname); if (err) { log_error ("resolving '%s' failed: %s\n", name, gpg_strerror (err)); err = 0; } else { /* First figure out whether this is a pool. For a pool we use a different strategy than for a plain server: We use the canonical name of the pool as the virtual host along with the IP addresses. If it is not a pool, we use the specified name. */ if (! is_pool) is_pool = arecords_is_pool (aibuf); if (is_pool && cname) { hi->cname = cname; cname = NULL; } for (ai = aibuf; ai; ai = ai->next) { if (ai->family != AF_INET && ai->family != AF_INET6) continue; if (opt.disable_ipv4 && ai->family == AF_INET) continue; if (opt.disable_ipv6 && ai->family == AF_INET6) continue; dirmngr_tick (ctrl); add_host (name, is_pool, ai, 0, 0); new_hosts = 1; } hi->did_a_lookup = 1; } xfree (cname); free_dns_addrinfo (aibuf); } if (new_hosts) hostinfo_sort_pool (hi); if (hi->pool) { /* Deal with the pool name before selecting a host. */ if (r_httphost) { *r_httphost = xtrystrdup (hi->cname? hi->cname : hi->name); if (!*r_httphost) return gpg_error_from_syserror (); } /* If the currently selected host is now marked dead, force a re-selection . */ if (force_reselect) hi->poolidx = -1; else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) hi->poolidx = -1; /* Select a host if needed. */ if (hi->poolidx == -1) { hi->poolidx = select_random_host (hi); if (hi->poolidx == -1) { log_error ("no alive host found in pool '%s'\n", name); if (r_httphost) { xfree (*r_httphost); *r_httphost = NULL; } return gpg_error (GPG_ERR_NO_KEYSERVER); } } assert (hi->poolidx >= 0 && hi->poolidx < hosttable_size); hi = hosttable[hi->poolidx]; assert (hi); } else if (r_httphost && is_ip_address (hi->name)) { /* This is a numerical IP address and not a pool. We want to * find the canonical name so that it can be used in the HTTP * Host header. Fixme: We should store that name in the * hosttable. */ char *host; err = resolve_dns_name (hi->name, 0, 0, SOCK_STREAM, &aibuf, NULL); if (!err) { for (ai = aibuf; ai; ai = ai->next) { if ((!opt.disable_ipv6 && ai->family == AF_INET6) || (!opt.disable_ipv4 && ai->family == AF_INET)) { err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host); if (!err) { /* Okay, we return the first found name. */ *r_httphost = host; break; } } } } free_dns_addrinfo (aibuf); } if (hi->dead) { log_error ("host '%s' marked as dead\n", hi->name); if (r_httphost) { xfree (*r_httphost); *r_httphost = NULL; } return gpg_error (GPG_ERR_NO_KEYSERVER); } if (r_httpflags) { /* If the hosttable does not indicate that a certain host supports IPv<N>, we explicit set the corresponding http flags. The reason for this is that a host might be listed in a pool as not v6 only but actually support v6 when later the name is resolved by our http layer. */ if (!hi->v4) *r_httpflags |= HTTP_FLAG_IGNORE_IPv4; if (!hi->v6) *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; /* Note that we do not set the HTTP_FLAG_FORCE_TOR for onion addresses because the http module detects this itself. This also allows us to use an onion address without Tor mode being enabled. */ } *r_host = xtrystrdup (hi->name); if (!*r_host) { err = gpg_error_from_syserror (); if (r_httphost) { xfree (*r_httphost); *r_httphost = NULL; } return err; } if (hi->port[protocol]) snprintf (r_portstr, 6 /* five digits and the sentinel */, "%hu", hi->port[protocol]); return 0; }
/* Map the host name NAME to the actual to be used host name. This allows us to manage round robin DNS names. We use our own strategy to choose one of the hosts. For example we skip those hosts which failed for some time and we stick to one host for a time independent of DNS retry times. If FORCE_RESELECT is true a new host is always selected. The selected host is stored as a malloced string at R_HOST; on error NULL is stored. If R_HTTPFLAGS is not NULL it will receive flags which are to be passed to http_open. If R_POOLNAME is not NULL a malloced name of the pool is stored or NULL if it is not a pool. */ static gpg_error_t map_host (ctrl_t ctrl, const char *name, int force_reselect, char **r_host, unsigned int *r_httpflags, char **r_poolname) { gpg_error_t err = 0; hostinfo_t hi; int idx; *r_host = NULL; if (r_httpflags) *r_httpflags = 0; if (r_poolname) *r_poolname = NULL; /* No hostname means localhost. */ if (!name || !*name) { *r_host = xtrystrdup ("localhost"); return *r_host? 0 : gpg_error_from_syserror (); } /* See whether the host is in our table. */ idx = find_hostinfo (name); if (idx == -1) { /* We never saw this host. Allocate a new entry. */ struct addrinfo hints, *aibuf, *ai; int *reftbl; size_t reftblsize; int refidx; int is_pool = 0; reftblsize = 100; reftbl = xtrymalloc (reftblsize * sizeof *reftbl); if (!reftbl) return gpg_error_from_syserror (); refidx = 0; idx = create_new_hostinfo (name); if (idx == -1) { err = gpg_error_from_syserror (); xfree (reftbl); return err; } hi = hosttable[idx]; /* Find all A records for this entry and put them into the pool list - if any. */ memset (&hints, 0, sizeof (hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_CANONNAME; /* We can't use the the AI_IDN flag because that does the conversion using the current locale. However, GnuPG always used UTF-8. To support IDN we would need to make use of the libidn API. */ if (!getaddrinfo (name, NULL, &hints, &aibuf)) { int n_v6, n_v4; /* First figure out whether this is a pool. For a pool we use a different strategy than for a plains erver: We use the canonical name of the pool as the virtual host along with the IP addresses. If it is not a pool, we use the specified name. */ n_v6 = n_v4 = 0; for (ai = aibuf; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET6) n_v6++; else if (ai->ai_family != AF_INET) n_v4++; } if (n_v6 > 1 || n_v4 > 1) is_pool = 1; if (is_pool && aibuf->ai_canonname) hi->cname = xtrystrdup (aibuf->ai_canonname); for (ai = aibuf; ai; ai = ai->ai_next) { char tmphost[NI_MAXHOST + 2]; int tmpidx; int is_numeric; int ec; int i; if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; dirmngr_tick (ctrl); if (!is_pool && !is_ip_address (name)) { /* This is a hostname but not a pool. Use the name as given without going through getnameinfo. */ if (strlen (name)+1 > sizeof tmphost) { ec = EAI_SYSTEM; gpg_err_set_errno (EINVAL); } else { ec = 0; strcpy (tmphost, name); } is_numeric = 0; } else ec = my_getnameinfo (ai, tmphost, sizeof tmphost, 0, &is_numeric); if (ec) { log_info ("getnameinfo failed while checking '%s': %s\n", name, gai_strerror (ec)); } else if (refidx+1 >= reftblsize) { log_error ("getnameinfo returned for '%s': '%s'" " [index table full - ignored]\n", name, tmphost); } else { tmpidx = find_hostinfo (tmphost); log_info ("getnameinfo returned for '%s': '%s'%s\n", name, tmphost, tmpidx == -1? "" : " [already known]"); if (tmpidx == -1) /* Create a new entry. */ tmpidx = create_new_hostinfo (tmphost); if (tmpidx == -1) { log_error ("map_host for '%s' problem: %s - '%s'" " [ignored]\n", name, strerror (errno), tmphost); } else /* Set or update the entry. */ { char *ipaddr = NULL; if (!is_numeric) { ec = my_getnameinfo (ai, tmphost, sizeof tmphost, 1, &is_numeric); if (!ec && !(ipaddr = xtrystrdup (tmphost))) ec = EAI_SYSTEM; if (ec) log_info ("getnameinfo failed: %s\n", gai_strerror (ec)); } if (ai->ai_family == AF_INET6) { hosttable[tmpidx]->v6 = 1; xfree (hosttable[tmpidx]->v6addr); hosttable[tmpidx]->v6addr = ipaddr; } else if (ai->ai_family == AF_INET) { hosttable[tmpidx]->v4 = 1; xfree (hosttable[tmpidx]->v4addr); hosttable[tmpidx]->v4addr = ipaddr; } else BUG (); for (i=0; i < refidx; i++) if (reftbl[i] == tmpidx) break; if (!(i < refidx) && tmpidx != idx) reftbl[refidx++] = tmpidx; } } } freeaddrinfo (aibuf); } reftbl[refidx] = -1; if (refidx && is_pool) { assert (!hi->pool); hi->pool = xtryrealloc (reftbl, (refidx+1) * sizeof *reftbl); if (!hi->pool) { err = gpg_error_from_syserror (); log_error ("shrinking index table in map_host failed: %s\n", gpg_strerror (err)); xfree (reftbl); return err; } qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool); } else xfree (reftbl); } hi = hosttable[idx]; if (hi->pool) { /* Deal with the pool name before selecting a host. */ if (r_poolname && hi->cname) { *r_poolname = xtrystrdup (hi->cname); if (!*r_poolname) return gpg_error_from_syserror (); } /* If the currently selected host is now marked dead, force a re-selection . */ if (force_reselect) hi->poolidx = -1; else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) hi->poolidx = -1; /* Select a host if needed. */ if (hi->poolidx == -1) { hi->poolidx = select_random_host (hi->pool); if (hi->poolidx == -1) { log_error ("no alive host found in pool '%s'\n", name); if (r_poolname) { xfree (*r_poolname); *r_poolname = NULL; } return gpg_error (GPG_ERR_NO_KEYSERVER); } } assert (hi->poolidx >= 0 && hi->poolidx < hosttable_size); hi = hosttable[hi->poolidx]; assert (hi); } if (hi->dead) { log_error ("host '%s' marked as dead\n", hi->name); if (r_poolname) { xfree (*r_poolname); *r_poolname = NULL; } return gpg_error (GPG_ERR_NO_KEYSERVER); } if (r_httpflags) { /* If the hosttable does not indicate that a certain host supports IPv<N>, we explicit set the corresponding http flags. The reason for this is that a host might be listed in a pool as not v6 only but actually support v6 when later the name is resolved by our http layer. */ if (!hi->v4) *r_httpflags |= HTTP_FLAG_IGNORE_IPv4; if (!hi->v6) *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; } *r_host = xtrystrdup (hi->name); if (!*r_host) { err = gpg_error_from_syserror (); if (r_poolname) { xfree (*r_poolname); *r_poolname = NULL; } return err; } return 0; }
/* Map the host name NAME to the actual to be used host name. This allows us to manage round robin DNS names. We use our own strategy to choose one of the hosts. For example we skip those hosts which failed for some time and we stick to one host for a time independent of DNS retry times. If FORCE_RESELECT is true a new host is always selected. The selected host is stored as a malloced string at R_HOST; on error NULL is stored. If we know the port used by the selected host, a string representation is written to R_PORTSTR, otherwise it is left untouched. If R_HTTPFLAGS is not NULL it will receive flags which are to be passed to http_open. If R_POOLNAME is not NULL a malloced name of the pool is stored or NULL if it is not a pool. */ static gpg_error_t map_host (ctrl_t ctrl, const char *name, int force_reselect, char **r_host, char *r_portstr, unsigned int *r_httpflags, char **r_poolname) { gpg_error_t err = 0; hostinfo_t hi; int idx; *r_host = NULL; if (r_httpflags) *r_httpflags = 0; if (r_poolname) *r_poolname = NULL; /* No hostname means localhost. */ if (!name || !*name) { *r_host = xtrystrdup ("localhost"); return *r_host? 0 : gpg_error_from_syserror (); } /* See whether the host is in our table. */ idx = find_hostinfo (name); if (idx == -1 && is_onion_address (name)) { idx = create_new_hostinfo (name); if (idx == -1) return gpg_error_from_syserror (); hi = hosttable[idx]; hi->onion = 1; } else if (idx == -1) { /* We never saw this host. Allocate a new entry. */ dns_addrinfo_t aibuf, ai; int *reftbl; size_t reftblsize; int refidx; int is_pool = 0; char *cname; #ifdef USE_DNS_SRV char *srvrecord; struct srventry *srvs; int srvscount; #endif /* USE_DNS_SRV */ reftblsize = 100; reftbl = xtrymalloc (reftblsize * sizeof *reftbl); if (!reftbl) return gpg_error_from_syserror (); refidx = 0; idx = create_new_hostinfo (name); if (idx == -1) { err = gpg_error_from_syserror (); xfree (reftbl); return err; } hi = hosttable[idx]; #ifdef USE_DNS_SRV /* Check for SRV records. */ srvrecord = xtryasprintf ("_hkp._tcp.%s", name); if (srvrecord == NULL) { err = gpg_error_from_syserror (); xfree (reftbl); return err; } srvscount = getsrv (srvrecord, &srvs); xfree (srvrecord); if (srvscount < 0) { err = gpg_error_from_syserror (); xfree (reftbl); return err; } if (srvscount > 0) { int i; is_pool = srvscount > 1; for (i = 0; i < srvscount; i++) { err = resolve_dns_name (srvs[i].target, 0, AF_UNSPEC, SOCK_STREAM, &ai, &cname); if (err) continue; dirmngr_tick (ctrl); add_host (name, is_pool, ai, srvs[i].port, reftbl, reftblsize, &refidx); } xfree (srvs); } #endif /* USE_DNS_SRV */ /* Find all A records for this entry and put them into the pool list - if any. */ err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname); if (err) { log_error ("resolving '%s' failed: %s\n", name, gpg_strerror (err)); err = 0; } else { /* First figure out whether this is a pool. For a pool we use a different strategy than for a plain server: We use the canonical name of the pool as the virtual host along with the IP addresses. If it is not a pool, we use the specified name. */ if (! is_pool) is_pool = arecords_is_pool (aibuf); if (is_pool && cname) { hi->cname = cname; cname = NULL; } for (ai = aibuf; ai; ai = ai->next) { if (ai->family != AF_INET && ai->family != AF_INET6) continue; dirmngr_tick (ctrl); add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx); } } reftbl[refidx] = -1; xfree (cname); free_dns_addrinfo (aibuf); if (refidx && is_pool) { assert (!hi->pool); hi->pool = xtryrealloc (reftbl, (refidx+1) * sizeof *reftbl); if (!hi->pool) { err = gpg_error_from_syserror (); log_error ("shrinking index table in map_host failed: %s\n", gpg_strerror (err)); xfree (reftbl); return err; } qsort (hi->pool, refidx, sizeof *reftbl, sort_hostpool); } else xfree (reftbl); } hi = hosttable[idx]; if (hi->pool) { /* Deal with the pool name before selecting a host. */ if (r_poolname) { *r_poolname = xtrystrdup (hi->cname? hi->cname : hi->name); if (!*r_poolname) return gpg_error_from_syserror (); } /* If the currently selected host is now marked dead, force a re-selection . */ if (force_reselect) hi->poolidx = -1; else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) hi->poolidx = -1; /* Select a host if needed. */ if (hi->poolidx == -1) { hi->poolidx = select_random_host (hi->pool); if (hi->poolidx == -1) { log_error ("no alive host found in pool '%s'\n", name); if (r_poolname) { xfree (*r_poolname); *r_poolname = NULL; } return gpg_error (GPG_ERR_NO_KEYSERVER); } } assert (hi->poolidx >= 0 && hi->poolidx < hosttable_size); hi = hosttable[hi->poolidx]; assert (hi); } if (hi->dead) { log_error ("host '%s' marked as dead\n", hi->name); if (r_poolname) { xfree (*r_poolname); *r_poolname = NULL; } return gpg_error (GPG_ERR_NO_KEYSERVER); } if (r_httpflags) { /* If the hosttable does not indicate that a certain host supports IPv<N>, we explicit set the corresponding http flags. The reason for this is that a host might be listed in a pool as not v6 only but actually support v6 when later the name is resolved by our http layer. */ if (!hi->v4) *r_httpflags |= HTTP_FLAG_IGNORE_IPv4; if (!hi->v6) *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; /* Note that we do not set the HTTP_FLAG_FORCE_TOR for onion addresses because the http module detects this itself. This also allows us to use an onion address without Tor mode being enabled. */ } *r_host = xtrystrdup (hi->name); if (!*r_host) { err = gpg_error_from_syserror (); if (r_poolname) { xfree (*r_poolname); *r_poolname = NULL; } return err; } if (hi->port) snprintf (r_portstr, 6 /* five digits and the sentinel */, "%hu", hi->port); return 0; }