Using WKD via http_proxy without DNS server available

Michał Górny mgorny at gentoo.org
Mon Oct 21 15:36:54 CEST 2019


Hello,

We received a report from one of our users who was unable to get GnuPG
to fetch keys from behind an HTTP proxy [1].  From our investigation, it
seems that GnuPG does not even try to use the proxy if the system does
not have a DNS server configured.  In particular, the log posted at [2]
states:

  2019-10-17 16:28:05 dirmngr[17549.6] DBG: chan_6 <- WKD_GET -- infrastructure at gentoo.org
  2019-10-17 16:28:05 dirmngr[17549.6] DBG: dns: libdns initialized
  2019-10-17 16:28:05 dirmngr[17549.6] DBG: dns: resolve_dns_name(openpgpkey.gentoo.org): Server indicated a failure
  2019-10-17 16:28:05 dirmngr[17549.6] DBG: dns: getsrv(_openpgpkey._tcp.gentoo.org): Server indicated a failure
  2019-10-17 16:28:05 dirmngr[17549.6] command 'WKD_GET' failed: Server indicated a failure <Unspecified source>
  2019-10-17 16:28:05 dirmngr[17549.6] DBG: chan_6 -> ERR 219 Server indicated a failure <Unspecified source>
  2019-10-17 16:28:05 dirmngr[17549.6] DBG: chan_6 <- BYE
  2019-10-17 16:28:05 dirmngr[17549.6] DBG: chan_6 -> OK closing connection
  2019-10-17 16:28:05 dirmngr[17549.6] handler for fd 6 terminated

FWICS the problem is that dirmngr aborts immediately upon getting a DNS
error.  Could it be changed to proceed as if no DNS records were
received, and attempt to perform the request via proxy?  TIA.


[1] https://bugs.gentoo.org/661376
[2] https://bugs.gentoo.org/661376#c31

-- 
Best regards,
Michał Górny
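
An added example for triaging the failure described in the message above; it is not part of the original post or of GnuPG. It groups dirmngr debug lines per connection and flags WKD_GET requests whose ERR reply carries the same error text as a failed DNS lookup. The function name, record fields and matching heuristic are assumptions; the sample log is the one quoted in the post, including the archive's obfuscated address.

```python
import re

# dirmngr debug log lines copied from the report above.
SAMPLE_LOG = """\
2019-10-17 16:28:05 dirmngr[17549.6] DBG: chan_6 <- WKD_GET -- infrastructure at gentoo.org
2019-10-17 16:28:05 dirmngr[17549.6] DBG: dns: libdns initialized
2019-10-17 16:28:05 dirmngr[17549.6] DBG: dns: resolve_dns_name(openpgpkey.gentoo.org): Server indicated a failure
2019-10-17 16:28:05 dirmngr[17549.6] DBG: dns: getsrv(_openpgpkey._tcp.gentoo.org): Server indicated a failure
2019-10-17 16:28:05 dirmngr[17549.6] command 'WKD_GET' failed: Server indicated a failure <Unspecified source>
2019-10-17 16:28:05 dirmngr[17549.6] DBG: chan_6 -> ERR 219 Server indicated a failure <Unspecified source>
2019-10-17 16:28:05 dirmngr[17549.6] DBG: chan_6 <- BYE
2019-10-17 16:28:05 dirmngr[17549.6] DBG: chan_6 -> OK closing connection
2019-10-17 16:28:05 dirmngr[17549.6] handler for fd 6 terminated
"""

LINE_RE = re.compile(r"^\S+ \S+ dirmngr\[(\d+\.\d+)\] (.*)$")
WKD_RE = re.compile(r"chan_\d+ <- WKD_GET (?:.*-- )?(.+)")
DNS_RE = re.compile(r"dns: (resolve_dns_name|getsrv)\(([^)]+)\): (.+)")
REPLY_RE = re.compile(r"chan_\d+ -> (OK|ERR (\d+) (.*))")


def triage_wkd(log_text):
    """Return one record per WKD_GET request found in a dirmngr debug log."""
    pending, done = {}, []          # pending: connection id -> open request
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        conn, msg = m.groups()
        if w := WKD_RE.search(msg):
            pending[conn] = {"address": w.group(1), "dns_failures": [], "error": None}
        elif conn in pending and (d := DNS_RE.search(msg)):
            pending[conn]["dns_failures"].append(d.groups())
        elif conn in pending and (r := REPLY_RE.search(msg)):
            rec = pending.pop(conn)
            if r.group(2):           # ERR <code> <text>
                rec["error"] = (int(r.group(2)), r.group(3))
            # Heuristic (assumption): the client got back the resolver's own
            # error text, so the request ended during the DNS lookups.
            rec["failed_at_dns"] = rec["error"] is not None and any(
                rec["error"][1].startswith(text) for _, _, text in rec["dns_failures"])
            done.append(rec)
    return done


if __name__ == "__main__":
    for rec in triage_wkd(SAMPLE_LOG):
        print(rec)
```
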


More information about the Gnupg-users mailing list