Mailing List Archive

GnuPG-0.9.2 and proxy servers
Hi folks,

I recently fiddled with the public key lookup mechanism for gpg, and hit a
nasty shortcoming: gpg was not able to get through a proxy firewall. It
tries to contact the keyserver directly, and since it does not use port 80,
the firewall has a hard time determining how to proxy this transparently,
i.e. it will block the connection.

To make life easier for us proxied peasants, I added some code to allow
gpg to go through a proxy. No rocket science, but quite convenient and it
seems to work.

If anyone's interested (Werner?) I can post the patches. They're not very
big, 391 lines of diff-source spread over 5 files (g10.c, hkp.c, http.c,
http.h, options.h options.skel), not counting some modifications to the
pod manual source to make it print nicer on PostScript and for which the
diff is larger than the actual file.

Anyway, let me know.

Cheers,
Steven
Re: GnuPG-0.9.2 and proxy servers
On Thu, 11 Feb 1999, Steven Bakker wrote:

> If anyone's interested (Werner?) I can post the patches. They're not very
> big, 391 lines of diff-source spread over 5 files (g10.c, hkp.c, http.c,
> http.h, options.h options.skel), not counting some modifications to the
~~~~~~~~~~~~~~~~~~~~~~

I assume you added a new command line option to submit the proxy address.
However, mostly used is an environment variable named `http_proxy' so I'm
voting for this solution.


cu
Michael
Re: GnuPG-0.9.2 and proxy servers
On Sun, Feb 14, 1999 at 06:00:48PM -0500, Stainless Steel Rat wrote:
> * Michael Roth <mroth@nessie.de>
> | I assume you added a new command line option to submit the proxy address.
> | However, mostly used is an environment variable named `http_proxy' so I'm
> | voting for this solution.
>
> Ditto.
>
> Speaking of which, how does one get GPG 0.9.2 to fetch keys from a remote
> server?

Add:
keyserver wwwkeys.us.pgp.net

To your options file, and then go verify a sig you don't have on your
keyring. GPG will fetch it automatically.

--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
Re: GnuPG-0.9.2 and proxy servers
>>>>> On Sat, 13 Feb 1999, "MR" == Michael Roth wrote:

MR> I assume you added a new command line option to submit the proxy
MR> address. However, mostly used is an environment variable named
MR> `http_proxy' so I'm voting for this solution.

No sweat. Added three lines to g10.c to do just that. It first looks for
HTTP_PROXY. If that's not set, it tries "http_proxy". The command line
and options file still override the environment variable, as you (at least
I) would expect.

Cheers,
Steven
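
The lookup order described in the message above, followed by strict parsing of the selected value, as an added example (not Steven's patch and not GnuPG code). The names pick_proxy and parse_proxy, the default port 80 and the accepted form "http://host[:port][/]" are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Precedence from the thread: command line, options file, HTTP_PROXY, http_proxy. */
const char *pick_proxy(const char *cmdline, const char *optfile)
{
    const char *s;
    if (cmdline && *cmdline) return cmdline;
    if (optfile && *optfile) return optfile;
    if ((s = getenv("HTTP_PROXY")) && *s) return s;
    s = getenv("http_proxy");
    return (s && *s) ? s : NULL;
}

/* Accept only "http://host[:port][/]". Copies the host into `host` and
 * returns the port (assumed default 80), or -1 if the value is rejected. */
int parse_proxy(const char *url, char *host, size_t hostlen)
{
    const char *h, *end;
    char *stop;
    size_t i, n;
    long port = 80;
    if (!url || strncmp(url, "http://", 7) != 0) return -1;
    h = url + 7;
    n = strcspn(h, ":/");
    if (n == 0 || n >= hostlen) return -1;
    for (i = 0; i < n; i++)  /* [A-Za-z0-9.-] only: no userinfo or control chars */
        if (!isalnum((unsigned char)h[i]) && !strchr(".-", h[i])) return -1;
    end = h + n;
    if (*end == ':') {
        if (!isdigit((unsigned char)end[1])) return -1;
        port = strtol(end + 1, &stop, 10);
        if (port < 1 || port > 65535) return -1;
        end = stop;
    }
    if (*end == '/') end++;
    if (*end != '\0') return -1;  /* no path, query or trailing junk */
    snprintf(host, hostlen, "%.*s", (int)n, h);
    return (int)port;
}

int main(void)
{
    char host[256];
    const char *s = pick_proxy(NULL, NULL);  /* no CLI or options-file value */
    int port = s ? parse_proxy(s, host, sizeof host) : -1;
    if (port > 0) printf("proxy %s:%d\n", host, port);
    else puts(s ? "proxy setting rejected" : "no proxy configured");
    return 0;
}
```

The environment is inherited from whatever launched the process, which is why the value is parsed strictly before it decides where key requests are sent.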
Re: GnuPG-0.9.2 and proxy servers
Stainless Steel Rat <ratinox@peorth.gweep.net> writes:

> * brian moore <bem@cmc.net> Sun, 14 Feb 1999 15:16:19 -0800
> | Add:
> | keyserver wwwkeys.us.pgp.net
>
> Duh. It was commented out.

Sure. I have a dial up connection and always giving 0,12 DM
to the Deutsche Telekom is not what I want to do while testing the
program ;-)

Werner

--
ceterum censeo RSA esse delendam
Re: GnuPG-0.9.2 and proxy servers
Steven Bakker <steven@icoe.att.com> writes:

> If anyone's interested (Werner?) I can post the patches. They're not very

I need the disclaimer ....

And I don't like to see special code for one special purpose in it.
What I can do is to add support for SOCKS. The other way would be a
local keyserver which does all the stuff needed to get thru the
firewall - Hmmm, I think this is the better solution.


Werner


--
ceterum censeo RSA esse delendam
Re: GnuPG-0.9.2 and proxy servers
On Feb 15, Werner Koch <wk@isil.d.shuttle.de> wrote:
>And I don't like to see special code for one special purpose in it.
>What I can do is to add support for SOCKS. The other way would be a
>local keyserver which does all the stuff needed to get thru the
>firewall - Hmmm, I think this is the better solution.
Why don't you remove ALL code for getting the key and add some that will
exec a script passing the keyid as a parameter? This will offer an
extensible and easily user modifiable method to get the key.

--
ciao,
Marco
Re: GnuPG-0.9.2 and proxy servers
On Mon, 15 Feb 1999, Werner Koch wrote:

> And I don't like to see special code for one special purpose in it.
> What I can do is to add support for SOCKS. The other way would be a
> local keyserver which does all the stuff needed to get thru the
> firewall - Hmmm, I think this is the better solution.

Hmm. AFAIK the `http_proxy' environment variable is a standard way in
un*x. IMHO support of `http_proxy' would be nice. However, I don't like
the command line option.


cu
Michael
Re: GnuPG-0.9.2 and proxy servers
Marco d'Itri <md@linux.it> writes:

> Why don't you remove ALL code for getting the key and add some that will
> exec a script passing the keyid as a parameter? This will offer an
> extensible and easily user modifiable method to get the key.

Sometimes I care about OS/2 and Windoze ;-). Good point and more the
Unix way to do it.


--
ceterum censeo RSA esse delendam
Re: GnuPG-0.9.2 and proxy servers
On Feb 16, Werner Koch <wk@isil.d.shuttle.de> wrote:
>> Why don't you remove ALL code for getting the key and add some that will
>> exec a script passing the keyid as a parameter? This will offer an
>> extensible and easily user modifiable method to get the key.
>Sometimes I care about OS/2 and Windoze ;-). Good point and more the
>Unix way to do it.
What about a #define? I am sure most unix users would like to use wget.

--
ciao,
Marco
Re: GnuPG-0.9.2 and proxy servers
Werner Koch <wk@isil.d.shuttle.de> writes:

> Sometimes I care about OS/2 and Windoze ;-). Good point and more the
> Unix way to do it.

I remember why I put the code into gpg: In future it should be
possible to use a keyserver instead of a keyring and therefore some
socket code would be needed anyway (And I already wrote this http code
for another project).

Werner

--
ceterum censeo RSA esse delendam