port 80 keyserver access,
again (was Re: [Sks-devel] SKS and Apache2 :-))
Jason Harris
jharris at widomaker.com
Tue May 11 22:18:00 CEST 2004
On Tue, May 11, 2004 at 01:21:48PM -0600, Chris Kuethe wrote:
> On Tue, 11 May 2004, Jan Kesten wrote:
> > I tried out Apache2 and it reverse proxy feature and found something
> > interesting to make sks webqueries work with a restrictive firewall
> > blocking access to port 11371:
> I just use absolute paths, without the server name:
> <form action="/pks/lookup" method="get">
> That way the browser can figure it out... i'm still running apache 1,
> with this in my httpd.conf:
>
> <VirtualHost 129.128.11.77>
> Options Indexes
> ProxyPass / http://127.0.0.1:11371/
> ServerName pgp.cns.ualberta.ca
> </VirtualHost>
This can also be done with (a slightly modified version of) the PHP page
floating around, but it does require a change to GPG to fully work. Add:
sprintf( request, "Content-type: application/x-www-form-urlencoded\r\n");
iobuf_writestr( hd.fp_write, request );
just before:
sprintf( request, "Content-Length: %u\r\n",
(unsigned)iobuf_get_temp_length(temp) + 9 );
iobuf_writestr( hd.fp_write, request );
m_free( request );
in hkp.c, then use:
./gpg --keyserver hkp://keyserver.kjsl.com:80 -v --send <key>
to send me a key. --recv works _without_ modifying GPG, since
the PHP doesn't need to access "keytext" from the form/request.
On the Apache side, the trick is to add:
SetHandler application/x-httpd-php
to your .htaccess in /pks.
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20040511/fe3dd587/attachment.bin
More information about the Gnupg-users
mailing list