2.0.20 breaks DNS SRV hkp keyserver access via web proxy server

John Marshall john.marshall at riverwillow.com.au
Thu Jun 13 12:59:07 CEST 2013

On Thu, 13 Jun 2013, 17:18 +1000, John Marshall wrote:
> BUT....
> Couldn't this work (gnupg doing SRV selection) with a SOCKS5 proxy?  I
> can't find SOCKS in the man page or in the source code.  Are there any
> plans for gnupg to support keyserver connection via a SOCKS5 proxy?

I've just discovered that libcurl already supports SOCKS5 proxy, and
that it works without explicit support in gnupg.  It looks like gnupg
passes the scheme through to curl along with the proxy server name, so

  --keyserver-options http-proxy=socks5://local.socks5.proxy:1080

works!  That lets gnupg do all the DNS SRV stuff and delegates only the
TCP connection to the SOCKS5 proxy.

  rwpc13> gpg --keyserver hkp://au.gnupg.net --keyserver-options 'http-proxy=socks5://rwsrv04.mby.riverwillow.net.au:1080 debug' --search-keys 0xA29A84A2
  gpg: searching for "0xA29A84A2" from hkp server au.gnupg.net
  gpgkeys: curl version = libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.7
  gpgkeys: Faking pgpkey-http SRV from au.gnupg.net to keyserver.oeg.com.au:11371
  gpgkeys: search type is 5, and key is "A29A84A2"
  * Added au.gnupg.net:11371: to DNS cache
  * About to connect() to proxy rwsrv04.mby.riverwillow.net.au port 1080 (#0)
  *   Trying
  * connected
  * Connected to rwsrv04.mby.riverwillow.net.au ( port 1080 (#0)
  > GET /pks/lookup?op=index&options=mr&search=0xA29A84A2 HTTP/1.1
  Accept: */*
  Host: au.gnupg.net
  Pragma: no-cache
  Cache-Control: no-cache
  < HTTP/1.1 200 OK
  < Date: Thu, 13 Jun 2013 10:47:56 GMT
  < Content-Type: text/plain
  < Connection: keep-alive
  < Server: sks_www/1.1.3
  < Content-length: 111
  < X-HKP-Results-Count: 1
  < Via: 1.1 keyserver.oeg.com.au:80 (nginx)
  * Connection #0 to host au.gnupg.net left intact
  * Closing connection #0
  (1)	John Marshall <john.marshall at riverwillow.com.au>
  	  1024 bit DSA key A29A84A2, created: 2008-05-03
  Keys 1-1 of 1 for "0xA29A84A2".  Enter number(s), N)ext, or Q)uit > q

John Marshall
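
Added example (not part of the original post, and not GnuPG or libcurl code): Python that picks an SRV target locally and builds the RFC 1928 SOCKS5 CONNECT request, to show what the proxy learns in each case. With a socks5:// proxy URL libcurl resolves the name itself and hands the proxy an address, while socks5h:// hands it the hostname. The function names, hostnames and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress
import random
import struct

def pick_srv(records, rng=random):
    """Simplified RFC 2782 choice: lowest priority, then weighted random.
    records: (priority, weight, port, target) tuples."""
    best = min(r[0] for r in records)
    pool = [r for r in records if r[0] == best]
    weights = [r[1] for r in pool]
    chosen = rng.choices(pool, weights=weights)[0] if any(weights) else rng.choice(pool)
    return chosen[3], chosen[2]

def socks5_connect_request(host, port):
    """Build the RFC 1928 CONNECT request the client sends to the proxy."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("ascii")
        addr = b"\x03" + bytes([len(name)]) + name      # ATYP 3: domain name
    else:
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def proxy_view(request):
    """Decode the destination a proxy sees in a CONNECT request."""
    if request[:3] != b"\x05\x01\x00":
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = request[3], request[4:]
    if atyp == 3:
        n = body[0]
        dest, rest = body[1:1 + n].decode("ascii"), body[1 + n:]
    elif atyp in (1, 4):
        n = 4 if atyp == 1 else 16
        dest, rest = str(ipaddress.ip_address(body[:n])), body[n:]
    else:
        raise ValueError("unknown ATYP")
    return dest, struct.unpack("!H", rest[:2])[0]

# Constructed sample data (not from the post).
SRV = [(10, 0, 11371, "keys-a.example"), (20, 0, 11371, "keys-b.example")]
LOCAL_DNS = {"keys-a.example": "192.0.2.10"}   # stands in for the local resolver

def demo():
    target, port = pick_srv(SRV)                              # SRV handled client-side
    local = socks5_connect_request(LOCAL_DNS[target], port)   # socks5://  -> IP sent
    remote = socks5_connect_request(target, port)             # socks5h:// -> name sent
    return proxy_view(local), proxy_view(remote)
```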