* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
* dirmngr/dirmngr.c (oDisableIPv6): New const.
(opts): New option --disable-ipv6.
(parse_rereadable_options): Set that option.
* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
(set_dns_disable_ipv6): New.
(resolve_name_standard): Make use of it.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
OPT.DISABLE_IPV6.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit
3533b854408fa93734742b2ee12b62aa0d55ff28)
Gbp-Pq: Name 0063-dirmngr-New-option-disable-ipv6.patch
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
|(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
|(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
+ |(opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6:0)
),
ctrl->http_proxy, NULL, NULL, NULL);
oDisableHTTP,
oDisableLDAP,
oDisableIPv4,
+ oDisableIPv6,
oIgnoreLDAPDP,
oIgnoreHTTPDP,
oIgnoreOCSPSvcUrl,
ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
+ ARGPARSE_s_n (oDisableIPv6, "disable-ipv6", "@"),
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
case oDisableHTTP: opt.disable_http = 1; break;
case oDisableLDAP: opt.disable_ldap = 1; break;
case oDisableIPv4: opt.disable_ipv4 = 1; break;
+ case oDisableIPv6: opt.disable_ipv6 = 1; break;
case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
set_dns_verbose (opt.verbose, !!DBG_DNS);
http_set_verbose (opt.verbose, !!DBG_NETWORK);
set_dns_disable_ipv4 (opt.disable_ipv4);
+ set_dns_disable_ipv6 (opt.disable_ipv6);
return 1; /* Handled. */
}
int disable_http; /* Do not use HTTP at all. */
int disable_ldap; /* Do not use LDAP at all. */
- int disable_ipv4; /* Do not use leagacy IP addresses. */
+ int disable_ipv4; /* Do not use legacy IP addresses. */
+ int disable_ipv6; /* Do not use standard IP addresses. */
int honor_http_proxy; /* Honor the http_proxy env variable. */
const char *http_proxy; /* The default HTTP proxy. */
const char *ldap_proxy; /* Use given LDAP proxy. */
* returned A records. */
static int opt_disable_ipv4;
+/* The flag to disable IPv6 access - right now this only skips
+ * returned AAAA records. */
+static int opt_disable_ipv6;
+
/* If set force the use of the standard resolver. */
static int standard_resolver;
}
+/* Set the Disable-IPv6 flag so that the name resolver does not return
+ * AAAA addresses. */
+void
+set_dns_disable_ipv6 (int yes)
+{
+ opt_disable_ipv6 = !!yes;
+}
+
+
/* Set the timeout for libdns requests to SECONDS. A value of 0 sets
* the default timeout and values are capped at 10 minutes. */
void
continue;
if (opt_disable_ipv4 && ai->ai_family == AF_INET)
continue;
+ if (opt_disable_ipv6 && ai->ai_family == AF_INET6)
+ continue;
dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
dai->family = ai->ai_family;
* A addresses. */
void set_dns_disable_ipv4 (int yes);
+/* Set the Disable-IPv6 flag so that the name resolver does not return
+ * AAAA addresses. */
+void set_dns_disable_ipv6 (int yes);
+
/* Set the timeout for libdns requests to SECONDS. */
void set_dns_timeout (int seconds);
err = http_raw_connect (&http, server, 79,
((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
- | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+ | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
NULL);
if (err)
{
continue;
if (opt.disable_ipv4 && ai->family == AF_INET)
continue;
+ if (opt.disable_ipv6 && ai->family == AF_INET6)
+ continue;
dirmngr_tick (ctrl);
add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
{
for (ai = aibuf; ai; ai = ai->next)
{
- if (ai->family == AF_INET6
+ if ((!opt.disable_ipv6 && ai->family == AF_INET6)
|| (!opt.disable_ipv4 && ai->family == AF_INET))
{
err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
(httpflags
|(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|(dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
- |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+ |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+ |(opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
ctrl->http_proxy,
session,
NULL,
/* fixme: AUTH */ NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
| (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
- | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+ | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
ctrl->http_proxy,
session,
NULL,
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
| (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
- | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+ | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
ctrl->http_proxy, NULL, NULL, NULL);
if (err)
{
checking is done for @var{ipaddr}.
@item --disable-ipv4
+@item --disable-ipv6
@opindex disable-ipv4
-Disable the use of all IPv4 addresses. This option is mainly useful
-for debugging.
+@opindex disable-ipv6
+Disable the use of all IPv4 or IPv6 addresses.
@item --disable-ldap
@opindex disable-ldap