2.0.20 breaks DNS SRV hkp keyserver access via web proxy server
John Marshall
john.marshall at riverwillow.com.au
Thu Jun 13 12:59:07 CEST 2013
On Thu, 13 Jun 2013, 17:18 +1000, John Marshall wrote:
> BUT....
>
> Couldn't this work (gnupg doing SRV selection) with a SOCKS5 proxy? I
> can't find SOCKS in the man page or in the source code. Are there any
> plans for gnupg to support keyserver connection via a SOCKS5 proxy?

I've just discovered that libcurl already supports SOCKS5 proxy, and
that it works without explicit support in gnupg. It looks like gnupg
passes the scheme through to curl along with the proxy server name, so
specifying

  --keyserver-options http-proxy=socks5://local.socks5.proxy:1080

works! That lets gnupg do all the DNS SRV stuff and delegates only the
TCP connection to the SOCKS5 proxy.

rwpc13> gpg --keyserver hkp://au.gnupg.net --keyserver-options 'http-proxy=socks5://rwsrv04.mby.riverwillow.net.au:1080 debug' --search-keys 0xA29A84A2
gpg: searching for "0xA29A84A2" from hkp server au.gnupg.net
gpgkeys: curl version = libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.7
gpgkeys: Faking pgpkey-http SRV from au.gnupg.net to keyserver.oeg.com.au:11371
gpgkeys: search type is 5, and key is "A29A84A2"
* Added au.gnupg.net:11371:203.33.246.146 to DNS cache
* About to connect() to proxy rwsrv04.mby.riverwillow.net.au port 1080 (#0)
* Trying 172.25.24.17...
* connected
* Connected to rwsrv04.mby.riverwillow.net.au (172.25.24.17) port 1080 (#0)
> GET /pks/lookup?op=index&options=mr&search=0xA29A84A2 HTTP/1.1
Accept: */*
Host: au.gnupg.net
Pragma: no-cache
Cache-Control: no-cache
< HTTP/1.1 200 OK
< Date: Thu, 13 Jun 2013 10:47:56 GMT
< Content-Type: text/plain
< Connection: keep-alive
< Server: sks_www/1.1.3
< Content-length: 111
< X-HKP-Results-Count: 1
< Via: 1.1 keyserver.oeg.com.au:80 (nginx)
<
* Connection #0 to host au.gnupg.net left intact
* Closing connection #0
(1) John Marshall <john.marshall at riverwillow.com.au>
1024 bit DSA key A29A84A2, created: 2008-05-03
Keys 1-1 of 1 for "0xA29A84A2". Enter number(s), N)ext, or Q)uit > q
rwpc13>
--
John Marshall
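
Added example, not part of the original message and not gnupg or curl code: a sketch of the SOCKS5 CONNECT request (RFC 1928) in the two forms relevant here, using the address and port from the debug log above. With curl's socks5:// scheme the client resolves names itself and the proxy is handed only an IP address, so DNS and SRV lookups leave the client directly rather than through the proxy; the hostname form is what a client sends when it leaves resolution to the proxy (curl's socks5h:// scheme). The function names are illustrative.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def socks5_connect_request(host: str, port: int) -> bytes:
    """Build the RFC 1928 CONNECT request for host:port.

    An IP literal is sent as ATYP IPv4/IPv6 (the client already resolved
    the name); anything else is sent as ATYP DOMAINNAME for the proxy
    to resolve.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("ascii")
        if not 0 < len(name) < 256:
            raise ValueError("domain name must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0])  # VER, CMD, RSV
    return header + addr + struct.pack("!H", port)


def proxy_sees_hostname(request: bytes) -> bool:
    """True if the request hands the proxy a name instead of an address."""
    return request[3] == ATYP_DOMAIN


# Address and port as shown in the debug log (resolved on the client).
local_dns = socks5_connect_request("203.33.246.146", 11371)
# Same destination expressed as a name, leaving resolution to the proxy.
remote_dns = socks5_connect_request("au.gnupg.net", 11371)

if __name__ == "__main__":
    print("client-side DNS:", local_dns.hex(), proxy_sees_hostname(local_dns))
    print("proxy-side DNS: ", remote_dns.hex(), proxy_sees_hostname(remote_dns))
```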
More information about the Gnupg-devel
mailing list