* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
* tools/gpg-wks-server.c (encrypt_stream): Ditto.
--
If for example a server was built without the development packages of
the compression libraries installed, the server will not be able to
decrypt a request. In theory this can't happen due to the preference
system but it is just to easy to create the server's key using a
different version of gpg and then use gpg-wks-server built
differently.
For the short messages we exchange compression is not really required
and thus we better do without to make the system more robust.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit
70a8db0333e3c22403b3647f8b5f924f6dace719)
(cherry picked from commit
16424d8a34c7f6af1071fd19dfc180cb7d17c052)
Gbp-Pq: Topic from-2.2.13
Gbp-Pq: Name wks-Do-not-use-compression-for-the-encrypted-data.patch
ccparray_put (&ccp, "--status-fd=2");
ccparray_put (&ccp, "--always-trust");
ccparray_put (&ccp, "--armor");
+ ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. */
if (fake_submission_addr)
ccparray_put (&ccp, "--auto-key-locate=clear,local");
else
ccparray_put (&ccp, "--always-trust");
ccparray_put (&ccp, "--no-keyring");
ccparray_put (&ccp, "--armor");
+ ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. */
ccparray_put (&ccp, "--recipient-file");
ccparray_put (&ccp, keyfile);
ccparray_put (&ccp, "--encrypt");
projects / gnupg2.git / commitdiff