now respects keyserverpolicy request member variable (closes MS #2542)

diff --git a/Changelog b/Changelog
index 25411aa3d62700b30e07733e772c5b030242659d..8410b890c3542ae1fdb03842046f0a6fc2c8aa6f 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,10 @@
+msva-perl (0.6~pre) unstable; urgency=low
+
+  * add new element to JSON syntax allowing request to override
+    keyserver_policy (closes MS #2542)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 14 Oct 2010 16:30:54 -0400
+
 msva-perl (0.5) unstable; urgency=low
 
   * If ${MSVA_KEYSERVER} is unset or blank, default to using keyserver

diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm
index d4c5852de58acfb62586d8e3eb0eeaecefc0569a..94a5c769eecd3d346960cf7ea60051c11ef562ac 100755 (executable)
--- a/Crypt/Monkeysphere/MSVA.pm
+++ b/Crypt/Monkeysphere/MSVA.pm
@@ -543,13 +543,21 @@
         } else {
           $ret->{message} = sprintf('Failed to validate "%s" through the OpenPGP Web of Trust.', $uid);
           my $lastloop = 0;
-          msvalog('debug', "keyserver policy: %s\n", get_keyserver_policy);
+          my $kspolicy;
+          if (defined $data->{keyserverpolicy} &&
+              $data->{keyserverpolicy} =~ /^(always|never|unlessvalid)$/) {
+            $kspolicy = $1;
+            msvalog("verbose", "using requested keyserver policy: %s\n", $1);
+          } else {
+            $kspolicy = get_keyserver_policy();
+          }
+          msvalog('debug', "keyserver policy: %s\n", $kspolicy);
           # needed because $gnupg spawns child processes
           $ENV{PATH} = '/usr/local/bin:/usr/bin:/bin';
-          if (get_keyserver_policy() eq 'always') {
+          if ($kspolicy eq 'always') {
             fetch_uid_from_keyserver($uid);
             $lastloop = 1;
-          } elsif (get_keyserver_policy() eq 'never') {
+          } elsif ($kspolicy eq 'never') {
             $lastloop = 1;
           }
           my $foundvalid = 0;

diff --git a/msva.protocol.README b/msva.protocol.README
index d8ca551c834b71ed377b14c763478dd36adcdbcf..0d7fd51fbf0bf665be4d991422d1466e00f8a840 100644 (file)
--- a/msva.protocol.README
+++ b/msva.protocol.README
@@ -14,7 +14,8 @@ GET /  -- initial contact query, protocol version compatibility.
   (returns: protoversion, server, available)
 
 POST /reviewcert  -- request validation of a certificate
- (query parameters: uid, context, pkc)
+ (required query parameters: uid, context, pkc)
+ (optional query parameters: keyserverpolicy)
  (returns: valid, message)
 
 Query parameters are posted as a JSON blob (*not* as
@@ -23,9 +24,9 @@ www-form-encoded).
 The variables that are returned are application/json as well.
 
 (PKC means: public key carrier: raw key, OpenPGP cert, or X.509 cert)
-(UID means: User ID (like in OpenPGP))
+(UID means: User ID (similar to OpenPGP))
 (context means: (this is too vague right now) something like "this certificate was used to try to identify an HTTPS server")
-
+(keyserverpolicy is optional; it states an advisory preference for how/whether the agent should contact the keyserver network for information about the key.  The options are `always`, `never`, and `unlessvalid` (see the `msva-perl(1)` man page section about the `KEYSERVER_POLICY` environment variable for more details). Be aware that the agent may disregard, override, or simply not implement this preference.)
 
 Full details on the Monkeysphere Validation Agent protocol should be
 available at http://web.monkeysphere.info/validation-agent/protocol