SOCKS4A/SOCKS5 proxy support?
Jacob Appelbaum
jacob at appelbaum.net
Mon Sep 24 23:10:42 CEST 2012
David Shaw:
> On Sep 24, 2012, at 4:37 PM, Jacob Appelbaum wrote:
>
>> David Shaw:
>>> On Sep 24, 2012, at 3:22 PM, Jacob Appelbaum wrote:
>>>
>>>> David Shaw:
>>>>> On Sep 24, 2012, at 6:11 AM, Werner Koch wrote:
>>>>>
>>>>>> On Mon, 24 Sep 2012 01:43, jacob at appelbaum.net said:
>>>>>>
>>>>>>> Are there any plans to add support to gpg for SOCKS5? Would such
>>>>>>> a thing be a welcome patch?
>>>>>>
>>>>>> Does Curl support SOCKS? Then GnuPG should benefit from it
>>>>>> directy. Well unless you are talking about Windows, where we don't
>>>>>> build with Curl support.
>>>>>
>>>>> If your curl is recent enough (7.21.7 and later), then you can set
>>>>> the proxy to something like "socks5://your-proxy-here.example.com"
>>>>> and it should do the right thing.
>>>>>
>>>>
>>>> That is great news.
>>>>
>>>> I guess we'd want a way to set the SOCKS proxy in GnuPG and then
>>>> properly set the SOCKS argument in the curl library usage. If that was
>>>> done, I guess we'd have SOCKS support on all platforms other than
>>>> Windows - which I think is a reasonable start.
>>>>
>>>> Is there anything I should consider before getting started on a patch?
>>>
>>> You shouldn't need to patch anything. Try this in your gpg.conf file:
>>>
>>
>>
>> I'd like to make sure that there is an option to specifically set a
>> SOCKS5 proxy and have things fail closed if it doesn't work as expected.
>>
>>
>>> keyserver-options http-proxy=socks5://your-proxy-here
>>>
>>> Or on the command line:
>>>
>>> gpg --keyserver-options http-proxy=socks5://your-proxy-here
>>>
>>> Or just set the "http_proxy" environment variable.
>>>
>>
>> I did try the above (
>> https://trac.torproject.org/projects/tor/ticket/6940#comment:26 ) and
>> found that it wasn't working. The output is in that ticket.
>>
>> Looking at my gpg I see that Ubuntu's build doesn't link against curl (?):
>
> Correct, it doesn't.
The gpg-curl package resolves this issue on Ubuntu/Debian systems.
>
>> It does appear that gpg2 links against libcurl-gnutls.so.4 but it
>> doesn't work as expected either:
>>
>> gpg2 --keyserver-options
>> http-proxy=socks5://127.0.0.1:9050,debug,verbose --search
>> jacob at appelbaum.net
>> gpg: searching for "jacob at appelbaum.net" from hkp server
>> pool.sks-keyservers.net
>> gpgkeys: curl version = libcurl/7.21.3 GnuTLS/2.8.6 zlib/1.2.3.4 libidn/1.18
>
> It's linked against libcurl 7.21.3. The socks5:// URL type was added in 7.21.7.
Sorry, my mistake. I see that and understand why it isn't working. :)
All the best,
Jake
More information about the Gnupg-devel
mailing list