[tor-bugs] #2846 [Torify]: Patch GPG to support SOCKS proxies
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Sep 25 01:45:18 UTC 2012
#2846: Patch GPG to support SOCKS proxies
------------------------+---------------------------------------------------
Reporter: rransom | Owner: mikeperry
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Torify | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
------------------------+---------------------------------------------------
Comment(by ioerror):
On to some good news, I guess.
The following examples don't leak DNS and properly use the HTTP proxy.
x-hkp://
{{{
gpg --keyserver x-hkp://pool.sks-keyservers.net --keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
}}}
x-broken-hkp://
{{{
gpg --keyserver x-broken-hkp://kpool.sks-keyservers.net --keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
}}}
The 'broken-http-proxy' key server option:
{{{
gpg --keyserver hkp://kpool.sks-keyservers.net --keyserver-options broken-http-proxy,no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
}}}
An FTP key server:
{{{
gpg --keyserver ftp://keyserver.pgp.com --keyserver-options broken-http-proxy,no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
}}}
A bullshit protocol name I just futzed up:
{{{
gpg --keyserver ///://keyserver.pgp.com --keyserver-options broken-http-proxy,no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
}}}
A special local host name (see line 359 of g10/keyserver.c):
{{{
gpg --keyserver x-hkp///keyserver.pgp.com --keyserver-options broken-http-proxy,no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8119,debug,verbose --recv-key 0x4193A197
}}}
That last one is funny and causes gpg to do something odd (looks like a
bug to me...):
{{{
> GET http://x-hkp:11371///keyserver.pgp.com/pks/lookup?op=get&options=mr&search=0x4193A197 HTTP/1.1
}}}
Lucky for us - the proxy support is respected in all of the above cases.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2846#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
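
A pre-flight check that refuses malformed keyserver strings such as the last two tried above before they reach gpg, and always attaches the proxy options. This is an added example, not part of the original comment or of GnuPG; the function names, the scheme allowlist and the `PROXY` variable are assumptions taken from the commands in the comment.

```shell
#!/bin/sh
# Added example: validate a keyserver URI, then print (not run) the gpg
# command line with the proxy options used in the comment above.
# PROXY and both function names are assumptions of this example.
PROXY="http://127.0.0.1:8119"

# Succeeds only for scheme://host[:port] with a scheme seen in the comment.
valid_keyserver() {
    uri=$1
    case $uri in
        hkp://*|x-hkp://*|x-broken-hkp://*|ftp://*) ;;
        *) return 1 ;;
    esac
    rest=${uri#*://}
    host=${rest%%:*}
    # Host: non-empty, only letters, digits, dots and hyphens.
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    # Port, if present: digits only.
    case $rest in
        *:*) port=${rest#*:}
             case $port in ''|*[!0-9]*) return 1 ;; esac ;;
    esac
    return 0
}

# Prints the command for a valid URI; returns 1 and prints nothing otherwise.
gpg_recv_cmd() {
    valid_keyserver "$1" || return 1
    opts="no-auto-key-retrieve,no-try-dns-srv,http-proxy=$PROXY"
    printf 'gpg --keyserver %s --keyserver-options %s --recv-key %s\n' \
        "$1" "$opts" "$2"
}
```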