SOCKS4A/SOCKS5 proxy support?
jacob at appelbaum.net
Mon Sep 24 22:37:03 CEST 2012
> On Sep 24, 2012, at 3:22 PM, Jacob Appelbaum wrote:
>> David Shaw:
>>> On Sep 24, 2012, at 6:11 AM, Werner Koch wrote:
>>>> On Mon, 24 Sep 2012 01:43, jacob at appelbaum.net said:
>>>>> Are there any plans to add support to gpg for SOCKS5? Would such
>>>>> a thing be a welcome patch?
>>>> Does Curl support SOCKS? Then GnuPG should benefit from it
>>>> directly. Well unless you are talking about Windows, where we don't
>>>> build with Curl support.
>>> If your curl is recent enough (7.21.7 and later), then you can set
>>> the proxy to something like "socks5://your-proxy-here.example.com"
>>> and it should do the right thing.
>> That is great news.
>> I guess we'd want a way to set the SOCKS proxy in GnuPG and then
>> properly set the SOCKS argument in the curl library usage. If that was
>> done, I guess we'd have SOCKS support on all platforms other than
>> Windows - which I think is a reasonable start.
>> Is there anything I should consider before getting started on a patch?
> You shouldn't need to patch anything. Try this in your gpg.conf file:
I'd like to make sure that there is an option to specifically set a
SOCKS5 proxy and have things fail closed if it doesn't work as expected.
> keyserver-options http-proxy=socks5://your-proxy-here
> Or on the command line:
> gpg --keyserver-options http-proxy=socks5://your-proxy-here
> Or just set the "http_proxy" environment variable.
I did try the above (
https://trac.torproject.org/projects/tor/ticket/6940#comment:26 ) and
found that it wasn't working. The output is in that ticket.
Looking at my gpg I see that Ubuntu's build doesn't link against curl (?):
linux-vdso.so.1 => (0x00007fff80391000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f33f4c6f000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f33f4a57000)
libbz2.so.1.0 => /lib/libbz2.so.1.0 (0x00007f33f4846000)
libreadline.so.6 => /lib/libreadline.so.6 (0x00007f33f4604000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f33f4400000)
libusb-0.1.so.4 => /lib/libusb-0.1.so.4 (0x00007f33f41f6000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f33f3e61000)
libncurses.so.5 => /lib/libncurses.so.5 (0x00007f33f3c1d000)
I find this confusing as ltrace over gpg says something about
"malloc(gpgkeys: curl version = GnuPG curl-shim" which clearly is from
/usr/lib/gnupg/gpgkeys_hkp - That also appears to be without libcurl:
gpgkeys_hkp (GnuPG) 1.4.11
Uses: GnuPG curl-shim
linux-vdso.so.1 => (0x00007fff511ff000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f1afa0b8000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1af9d23000)
The same is true for gpgkeys_curl
linux-vdso.so.1 => (0x00007fff277ff000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007fe322b55000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fe3227c0000)
It does appear that gpg2 links against libcurl-gnutls.so.4 but it
doesn't work as expected either:
jacob at appelbaum.net
gpg: searching for "jacob at appelbaum.net" from hkp server
gpgkeys: curl version = libcurl/7.21.3 GnuTLS/2.8.6 zlib/184.108.40.206 libidn/1.18
gpgkeys: search type is 0, and key is "jacob at appelbaum.net"
* About to connect() to proxy 127.0.0.1 port 9050 (#0)
* Trying 127.0.0.1... * connected
* Connected to 127.0.0.1 (127.0.0.1) port 9050 (#0)
* HTTP 1.0, assume close after body
< HTTP/1.0 501 Tor is not an HTTP Proxy
< Content-Type: text/html; charset=iso-8859-1
* Closing connection #0
gpg: key "jacob at appelbaum.net" not found on keyserver
All the best,
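
Added example (not part of the original message and not GnuPG code): a fail-closed pre-flight check that reads the "curl version" banner the gpgkeys helpers print and refuses to proceed unless a socks5:// proxy URL would be honored, plus a check for the "501 Tor is not an HTTP Proxy" symptom shown above. The function names are hypothetical, the 7.21.7 threshold is the one quoted in the thread, and treating curl-shim as having no SOCKS support is an assumption.

```sh
#!/bin/sh
# Added example, not GnuPG code. MIN_CURL is the version quoted in the thread.
MIN_CURL="7.21.7"

# version_ge A B: succeed when dotted version A is >= B.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# socks5_scheme_status BANNER: print a verdict for one "curl version = ..."
# line and return non-zero unless a socks5:// proxy URL should be honored.
socks5_scheme_status() {
    case $1 in
        # Assumption: the built-in curl-shim has no SOCKS support.
        *curl-shim*) echo "shim"; return 1 ;;
    esac
    ver=$(printf '%s\n' "$1" |
        sed -n 's|.*libcurl/\([0-9]*\.[0-9]*\.[0-9]*\).*|\1|p')
    if [ -z "$ver" ]; then echo "unknown"; return 1; fi
    if version_ge "$ver" "$MIN_CURL"; then echo "ok"; return 0; fi
    echo "too-old"; return 1
}

# proxy_spoken_as_http: read a verbose transfer log on stdin and succeed when
# it contains Tor's reply to an HTTP request sent to its SOCKS port.
proxy_spoken_as_http() {
    grep -q 'HTTP/1\.[01] 501 Tor is not an HTTP Proxy'
}

# First two banners are taken from the message above; the third is constructed.
for banner in 'gpgkeys: curl version = GnuPG curl-shim' \
              'gpgkeys: curl version = libcurl/7.21.3 GnuTLS/2.8.6' \
              'gpgkeys: curl version = libcurl/7.21.7'; do
    printf '%-8s %s\n' "$(socks5_scheme_status "$banner")" "$banner"
done
```

A wrapper script can call socks5_scheme_status on the helper's banner and exit before any keyserver request is made when the return status is non-zero.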