SOCKS4A/SOCKS5 proxy support?

David Shaw dshaw at jabberwocky.com
Mon Sep 24 22:58:50 CEST 2012 

On Sep 24, 2012, at 4:37 PM, Jacob Appelbaum wrote:

> David Shaw:
>> On Sep 24, 2012, at 3:22 PM, Jacob Appelbaum wrote:
>> 
>>> David Shaw:
>>>> On Sep 24, 2012, at 6:11 AM, Werner Koch wrote:
>>>> 
>>>>> On Mon, 24 Sep 2012 01:43, jacob at appelbaum.net said:
>>>>> 
>>>>>> Are there any plans to add support to gpg for SOCKS5? Would such
>>>>>> a thing be a welcome patch?
>>>>> 
>>>>> Does Curl support SOCKS?  Then GnuPG should benefit from it
>>>>> directy. Well unless you are talking about Windows, where we don't
>>>>> build with Curl support.
>>>> 
>>>> If your curl is recent enough (7.21.7 and later), then you can set
>>>> the proxy to something like "socks5://your-proxy-here.example.com"
>>>> and it should do the right thing.
>>>> 
>>> 
>>> That is great news.
>>> 
>>> I guess we'd want a way to set the SOCKS proxy in GnuPG and then
>>> properly set the SOCKS argument in the curl library usage. If that was
>>> done, I guess we'd have SOCKS support on all platforms other than
>>> Windows - which I think is a reasonable start.
>>> 
>>> Is there anything I should consider before getting started on a patch?
>> 
>> You shouldn't need to patch anything.  Try this in your gpg.conf file:
>> 
> 
> 
> I'd like to make sure that there is an option to specifically set a
> SOCKS5 proxy and have things fail closed if it doesn't work as expected.
> 
> 
>>  keyserver-options http-proxy=socks5://your-proxy-here
>> 
>> Or on the command line:
>> 
>>  gpg --keyserver-options http-proxy=socks5://your-proxy-here
>> 
>> Or just set the "http_proxy" environment variable.
>> 
> 
> I did try the above (
> https://trac.torproject.org/projects/tor/ticket/6940#comment:26 ) and
> found that it wasn't working. The output is in that ticket.
> 
> Looking at my gpg I see that Ubuntu's build doesn't link against curl (?):

Correct, it doesn't.

> It does appear that gpg2 links against libcurl-gnutls.so.4 but it
> doesn't work as expected either:
> 
> gpg2 --keyserver-options
> http-proxy=socks5://127.0.0.1:9050,debug,verbose --search
> jacob at appelbaum.net
> gpg: searching for "jacob at appelbaum.net" from hkp server
> pool.sks-keyservers.net
> gpgkeys: curl version = libcurl/7.21.3 GnuTLS/2.8.6 zlib/1.2.3.4 libidn/1.18

It's linked against libcurl 7.21.3.  The socks5:// URL type was added in 7.21.7.

David

More information about the Gnupg-devel mailing list