security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

dirmngr: Add option --use-tor as a stub.

Browse source 
* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.

* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.  Also pass TOR flag to the
http module.

* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--

More work is required to actually make --use-tor useful.  For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-09-18 16:17:11 +02:00
parent d5a3142b8f
commit c091816b4a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
10 changed files with 97 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

11
dirmngr/ocsp.c
View file

@ -132,6 +132,14 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
(void)ctrl;
if (opt.use_tor)
{
/* For now we do not allow OCSP via TOR due to possible privacy
concerns. Needs further research. */
log_error (_("OCSP request not possible due to TOR mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
if (opt.disable_http)
{
log_error (_("OCSP request not possible due to disabled HTTP\n"));
@ -165,7 +173,8 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
once_more:
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
| (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
ctrl->http_proxy, NULL, NULL, NULL);
if (err)
{