SOCKS4A/SOCKS5 proxy support?

Hans-Christoph Steiner hans at guardianproject.info
Tue Sep 25 01:05:37 CEST 2012



On 09/24/2012 05:10 PM, Jacob Appelbaum wrote:
> David Shaw:
>> On Sep 24, 2012, at 4:37 PM, Jacob Appelbaum wrote:
>>
>>> David Shaw:
>>>> On Sep 24, 2012, at 3:22 PM, Jacob Appelbaum wrote:
>>>>
>>>>> David Shaw:
>>>>>> On Sep 24, 2012, at 6:11 AM, Werner Koch wrote:
>>>>>>
>>>>>>> On Mon, 24 Sep 2012 01:43, jacob at appelbaum.net said:
>>>>>>>
>>>>>>>> Are there any plans to add support to gpg for SOCKS5? Would such
>>>>>>>> a thing be a welcome patch?
>>>>>>>
>>>>>>> Does Curl support SOCKS?  Then GnuPG should benefit from it
>>>>>>> directly. Well unless you are talking about Windows, where we don't
>>>>>>> build with Curl support.
>>>>>>
>>>>>> If your curl is recent enough (7.21.7 and later), then you can set
>>>>>> the proxy to something like "socks5://your-proxy-here.example.com"
>>>>>> and it should do the right thing.
>>>>>>
>>>>>
>>>>> That is great news.
>>>>>
>>>>> I guess we'd want a way to set the SOCKS proxy in GnuPG and then
>>>>> properly set the SOCKS argument in the curl library usage. If that was
>>>>> done, I guess we'd have SOCKS support on all platforms other than
>>>>> Windows - which I think is a reasonable start.
>>>>>
>>>>> Is there anything I should consider before getting started on a patch?
>>>>
>>>> You shouldn't need to patch anything.  Try this in your gpg.conf file:
>>>>
>>>
>>>
>>> I'd like to make sure that there is an option to specifically set a
>>> SOCKS5 proxy and have things fail closed if it doesn't work as expected.
>>>
>>>
>>>>  keyserver-options http-proxy=socks5://your-proxy-here
>>>>
>>>> Or on the command line:
>>>>
>>>>  gpg --keyserver-options http-proxy=socks5://your-proxy-here
>>>>
>>>> Or just set the "http_proxy" environment variable.
>>>>
>>>
>>> I did try the above (
>>> https://trac.torproject.org/projects/tor/ticket/6940#comment:26 ) and
>>> found that it wasn't working. The output is in that ticket.
>>>
>>> Looking at my gpg I see that Ubuntu's build doesn't link against curl (?):
>>
>> Correct, it doesn't.
> 
> The gpg-curl package resolves this issue on Ubuntu/Debian systems.
> 
>>
>>> It does appear that gpg2 links against libcurl-gnutls.so.4 but it
>>> doesn't work as expected either:
>>>
>>> gpg2 --keyserver-options
>>> http-proxy=socks5://127.0.0.1:9050,debug,verbose --search
>>> jacob at appelbaum.net
>>> gpg: searching for "jacob at appelbaum.net" from hkp server
>>> pool.sks-keyservers.net
>>> gpgkeys: curl version = libcurl/7.21.3 GnuTLS/2.8.6 zlib/1.2.3.4 libidn/1.18
>>
>> It's linked against libcurl 7.21.3.  The socks5:// URL type was added in 7.21.7.
> 
> Sorry, my mistake. I see that and understand why it isn't working. :)

FYI, the gnupg-for-android port already includes libcurl 7.23, so this
support should be included already.

.hc
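
The version cutoff discussed in this thread can be checked before any keyserver request is made. The following is an added example, not code from the thread or from GnuPG: it reads the "curl version" line that gpg prints with the debug keyserver option and fails closed when libcurl is missing or older than 7.21.7. The function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to run keyserver traffic unless
# the libcurl reported by gpg's helper understands socks5:// proxy URLs.

MIN_VERSION="7.21.7"   # first libcurl with the socks5:// URL type, per the thread

# Print the libcurl version found in helper debug output, or nothing.
libcurl_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*curl version = libcurl/\([0-9][0-9]*\.[0-9][0-9.]*\).*|\1|p' |
        head -n 1
}

# version_ge A B: succeed when dotted version A >= B, comparing each field
# numerically (so 7.21.10 > 7.21.7); a missing field counts as 0.
version_ge() {
    for vg_i in 1 2 3; do
        vg_x=$(printf '%s' "$1" | cut -d. -f"$vg_i")
        vg_y=$(printf '%s' "$2" | cut -d. -f"$vg_i")
        if [ "${vg_x:-0}" -gt "${vg_y:-0}" ]; then return 0; fi
        if [ "${vg_x:-0}" -lt "${vg_y:-0}" ]; then return 1; fi
    done
    return 0
}

# socks5_proxy_usable OUTPUT: 0 = version is new enough, 1 = fail closed.
socks5_proxy_usable() {
    sp_v=$(libcurl_version "$1")
    if [ -z "$sp_v" ]; then return 1; fi   # no libcurl line at all: refuse
    version_ge "$sp_v" "$MIN_VERSION"
}

# First line is quoted in the thread; the other two are constructed samples.
SAMPLE_OLD='gpgkeys: curl version = libcurl/7.21.3 GnuTLS/2.8.6 zlib/1.2.3.4 libidn/1.18'
SAMPLE_NEW='gpgkeys: curl version = libcurl/7.23.0'
SAMPLE_NONE='gpg: searching for "user@example.org" from hkp server'

for line in "$SAMPLE_OLD" "$SAMPLE_NEW" "$SAMPLE_NONE"; do
    if socks5_proxy_usable "$line"; then
        echo "OK      $line"
    else
        echo "REFUSE  $line"
    fi
done
```

A passing version check is necessary but not sufficient: it shows only that the linked libcurl can parse a socks5:// proxy URL, not that the proxy itself is reachable.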


