[git] GnuPG - branch, master, updated. gnupg-2.1.21-159-gc5e5748

by Werner Koch cvs at cvs.gnupg.org
Wed Jul 26 13:54:57 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c5e5748480952e5bcedb16f6ce6ef7e435acb3c7 (commit)
       via  fd68bdb61ec4f8441da6d3023a8da4315df54cec (commit)
      from  d50c2eff8d6931586c527edb3dea98dbc6facdec (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c5e5748480952e5bcedb16f6ce6ef7e435acb3c7
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jul 26 13:48:27 2017 +0200

    dirmngr: Do not use a blocking connect in Tor mode.
    
    * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
    (send_request): Ditto.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/http.c b/dirmngr/http.c
index 63ed5d3..0bedba0 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -955,6 +955,10 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
           log_error ("Tor support is not available\n");
           return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
         }
+      /* Non-blocking connects do not work with our Tor proxy because
+       * we can't continue the Socks protocol after the EINPROGRESS.
+       * Disable the timeout to use a blocking connect.  */
+      timeout = 0;
     }
 
   /* Create the handle. */
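Review bot: Setting `timeout = 0` in the Tor branch silently discards whatever connect timeout the caller requested, so a stalled Tor proxy or an unresponsive destination can block this connect with no upper bound; the identical assignment in the `send_request` hunk below has the same effect. The new comment explains why a blocking connect is needed but not that the timeout is lost, so I would extend it, e.g. `/* NB: The caller's timeout is ignored in Tor mode; the connect may block until the OS gives up.  */`, and consider a `log_debug` when a non-zero timeout is dropped so that hangs can be diagnosed. Because the same four lines are duplicated in both functions, a small shared helper would keep the two sites from drifting apart. The body of `http_raw_connect` starts and ends outside this hunk, so how `timeout` is consumed afterwards is not visible here.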
@@ -1698,6 +1702,10 @@ send_request (http_t hd, const char *httphost, const char *auth,
           log_error ("Tor support is not available\n");
           return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
         }
+      /* Non-blocking connects do not work with our Tor proxy because
+       * we can't continue the Socks protocol after the EINPROGRESS.
+       * Disable the timeout to use a blocking connect.  */
+      timeout = 0;
     }
 
   server = *hd->uri->host ? hd->uri->host : "localhost";
diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index b0f2bcf..440633d 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@@ -40,6 +40,7 @@
 
 #include "../common/util.h"
 #include "../common/logging.h"
+#include "dns-stuff.h"
 #include "http.h"
 
 #include <ksba.h>
@@ -312,9 +313,25 @@ main (int argc, char **argv)
   if (!cafile)
     cafile = prepend_srcdir ("tls-ca.pem");
 
+  if (verbose)
+    my_http_flags |= HTTP_FLAG_LOG_RESP;
+
+  if (verbose || debug)
+    http_set_verbose (verbose, debug);
+
   /* http.c makes use of the assuan socket wrapper.  */
   assuan_sock_init ();
 
+  if ((my_http_flags & HTTP_FLAG_FORCE_TOR))
+    {
+      enable_dns_tormode (1);
+      if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
+        {
+          log_error ("error enabling Tor mode: %s\n", strerror (errno));
+          log_info ("(is your Libassuan recent enough?)\n");
+        }
+    }
+
 #if HTTP_USE_NTBTLS
   log_info ("new session.\n");
   err = http_session_new (&session, NULL,
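Review bot: When `assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1)` fails, the new block only logs and then carries on with the request, even though `HTTP_FLAG_FORCE_TOR` was requested and `enable_dns_tormode (1)` has already been called. For a tool meant to exercise the Tor path it would be safer to fail closed, e.g. add `return 1;` after the `log_info` line, so that a run can neither proceed over a direct connection nor report results that did not go through Tor. http.c may reject the request later on its own (its "Tor support is not available" path), but that happens outside this hunk and should not be relied on here. `main` starts before and continues past the hunk.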

commit fd68bdb61ec4f8441da6d3023a8da4315df54cec
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jul 26 10:58:15 2017 +0200

    dirmngr: Auto-enable Tor on startup or reload.
    
    * dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availability.
    --
    
    GnuPG-bug-id: 2935
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 1ddc568..0d133c6 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -532,7 +532,17 @@ dirmngr_use_tor (void)
 {
   if (tor_mode == TOR_MODE_AUTO)
     {
-      /* FIXME: Figure out whether Tor is running.  */
+      /* Figure out whether Tor is running.  */
+      assuan_fd_t sock;
+
+      sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
+      if (sock == ASSUAN_INVALID_FD)
+        tor_mode = TOR_MODE_NO;
+      else
+        {
+          tor_mode = TOR_MODE_YES;
+          assuan_sock_close (sock);
+        }
     }
 
   if (tor_mode == TOR_MODE_FORCE)
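Review bot: In auto mode the probe fails open: any failure of `assuan_sock_connect_byname` sets `tor_mode = TOR_MODE_NO`, and because that overwrites `TOR_MODE_AUTO` the check is not repeated on later calls. A Tor daemon that is merely slow or not yet started at this point therefore appears to leave the process on direct connections until the mode is reset (on reload, according to the doc change). Nothing is logged for either outcome, which makes that downgrade invisible to the user; I would add `log_info ("Tor not detected; network access will not use Tor\n");` in the failure branch and a matching message on success. A short comment such as `/* The result is sticky until tor_mode is set back to TOR_MODE_AUTO.  */` would also document the caching. The rest of `dirmngr_use_tor` lies outside the hunk.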
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 4f5a3b2..7ed6cde 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -308,8 +308,8 @@ strcpy_escaped_plus (char *d, const unsigned char *s)
 }
 
 
-/* This function returns true if a Tor server is running.  The sattus
-   is cached for the current connection.  */
+/* This function returns true if a Tor server is running.  The status
+ * is cached for the current connection.  */
 static int
 is_tor_running (ctrl_t ctrl)
 {
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 64b24f9..eef78a8 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -243,10 +243,16 @@ Enabling this option forces loading of expired CRLs; this is only
 useful for debugging.
 
 @item --use-tor
+ at itemx --no-use-tor
 @opindex use-tor
-This option switches Dirmngr and thus GnuPG into ``Tor mode'' to route
-all network access via Tor (an anonymity network).  Certain other
-features are disabled if this mode is active.
+ at opindex no-use-tor
+The option @option{--use-tor} switches Dirmngr and thus GnuPG into
+``Tor mode'' to route all network access via Tor (an anonymity
+network).  Certain other features are disabled in this mode.  The
+effect of @option{--use-tor} cannot be overridden by any other command
+or even be reloading gpg-agent.  The use of @option{--no-use-tor}
+disables the use of Tor.  The default is to use Tor if it is available
+on startup or after reloading dirmngr.
 
 @item --standard-resolver
 @opindex standard-resolver

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dirmngr.c | 12 +++++++++++-
 dirmngr/http.c    |  8 ++++++++
 dirmngr/server.c  |  4 ++--
 dirmngr/t-http.c  | 17 +++++++++++++++++
 doc/dirmngr.texi  | 12 +++++++++---
 5 files changed, 47 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



