use-tor should not imply allow-version-check

Werner Koch wk at gnupg.org
Mon Jan 2 10:37:52 CET 2017


Hi!

On Thu, 29 Dec 2016 22:41, steven at stebalien.com said:
> For some reason, dirmngr's use-tor option implies allow-version-check.

Right.  The reason for the --allow-version-check option is that GnuPG
should not by default leak information (here the IP address of the
machine running GnuPG).  With Tor being enabled, all network access goes
via Tor and thus nothing should leak.

BTW, the man page entry:

      --use-tor

              This option switches Dirmngr and thus GnuPG into ``Tor
              mode'' to route all network access via Tor (an anonymity
              network).  WARNING: As of now this still leaks the DNS
              queries; e.g. to lookup the hosts in a keyserver pool.
              Certain other features are disabled if this mode is
              active.

is wrong: DNS queries are meanwhile routed via Tor.

> Note: These update checks are *not* made over TOR.

They are.  If you follow the code you get to this:

  err = http_open (&http,
                   HTTP_REQ_GET,
                   url,
                   /* httphost */ NULL,
                   /* fixme: AUTH */ NULL,
                   ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
                    | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
/*                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^  */
                   ctrl->http_proxy,
                   session,
                   NULL,
                   /*FIXME curl->srvtag*/NULL);

and in http.c you will find:

  if ((hd->flags & HTTP_FLAG_FORCE_TOR))
    {
      int mode;

      if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
        {
          log_error ("Tor support is not available\n");
          return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
        }
    }

which makes sure that an error is returned if Tor is not available.  The
assuan library has socket function call wrappers which take care of
routing connections via Tor.  Tor mode itself is enabled at dirmngr
startup and on reload by telling libassuan about it:

  static void
  set_tor_mode (void)
  {
    if (opt.use_tor)
      {
        if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
          {
            log_error ("error enabling Tor mode: %s\n", strerror (errno));
            log_info ("(is your Libassuan recent enough?)\n");
          }
      }
  }

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
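The following is an added example, not code from GnuPG or libassuan and not part of Werner's message: a small C model of the fail-closed policy the message walks through. The flag values, the sim_* functions and the model_* functions are constructed stand-ins for http_open()'s flags, assuan_sock_set_flag()/assuan_sock_get_flag() and the two GnuPG snippets above; they exist only so the behaviour can be exercised offline. The point it demonstrates is the one that answers the original question: once --use-tor sets HTTP_FLAG_FORCE_TOR, a request (the version check included) is either routed through Tor or refused with an error, and there is no path on which it silently falls back to a direct connection.

```c
/* Added example: model of dirmngr's fail-closed Tor policy.
 * Everything below is a constructed stand-in, not GnuPG/libassuan code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define HTTP_FLAG_TRY_PROXY 1u   /* constructed values; the real ones are in http.h */
#define HTTP_FLAG_FORCE_TOR 2u

/* Simulated libassuan "tor-mode" socket flag.  In the real stack this state
 * lives inside libassuan and is set with assuan_sock_set_flag(). */
static int sim_tor_mode = 0;
static int sim_libassuan_available = 1;  /* 0 models a libassuan without tor-mode */

static int sim_sock_set_flag(const char *name, int value)
{
  if (!sim_libassuan_available || strcmp(name, "tor-mode") != 0) {
    errno = ENOSYS;
    return -1;                      /* libassuan refuses the flag */
  }
  sim_tor_mode = value;
  return 0;
}

static int sim_sock_get_flag(const char *name, int *value)
{
  if (!sim_libassuan_available || strcmp(name, "tor-mode") != 0)
    return -1;
  *value = sim_tor_mode;
  return 0;
}

/* Reset the simulated state between scenarios. */
void model_reset(int libassuan_available)
{
  sim_tor_mode = 0;
  sim_libassuan_available = libassuan_available;
}

/* Mirrors set_tor_mode(): enable Tor mode at startup/reload when --use-tor
 * is set.  Returns 0 on success, -1 if libassuan refused. */
int model_set_tor_mode(int use_tor)
{
  if (!use_tor)
    return 0;
  if (sim_sock_set_flag("tor-mode", 1)) {
    fprintf(stderr, "error enabling Tor mode: %s\n", strerror(errno));
    fprintf(stderr, "(is your Libassuan recent enough?)\n");
    return -1;
  }
  return 0;
}

/* Mirrors the flag expression dirmngr passes to http_open(). */
unsigned int model_http_flags(int honor_http_proxy, int use_tor)
{
  return (honor_http_proxy ? HTTP_FLAG_TRY_PROXY : 0u)
       | (use_tor ? HTTP_FLAG_FORCE_TOR : 0u);
}

enum conn_result { CONN_DIRECT = 0, CONN_VIA_TOR = 1, CONN_REFUSED = 2 };

/* Mirrors the check in http.c: with FORCE_TOR set, a request either goes
 * through Tor or is refused (GPG_ERR_NOT_IMPLEMENTED in the real code);
 * it never falls back to a direct connection. */
enum conn_result model_open(unsigned int flags)
{
  if (flags & HTTP_FLAG_FORCE_TOR) {
    int mode;
    if (sim_sock_get_flag("tor-mode", &mode) || !mode)
      return CONN_REFUSED;
    return CONN_VIA_TOR;
  }
  return CONN_DIRECT;
}

int main(void)
{
  unsigned int flags = model_http_flags(0, 1);   /* --use-tor, no proxy */

  model_reset(1);
  /* A request before set_tor_mode() ran is refused, not sent in the clear. */
  printf("before set_tor_mode: %d\n", model_open(flags));
  model_set_tor_mode(1);
  printf("after set_tor_mode:  %d\n", model_open(flags));

  /* Old libassuan: Tor mode cannot be enabled, so every forced request fails. */
  model_reset(0);
  printf("set_tor_mode rc=%d, open=%d\n", model_set_tor_mode(1), model_open(flags));
  return 0;
}
```

The two scenarios in main() are the ones worth checking in a real deployment: a request issued before Tor mode is switched on, and a libassuan that cannot provide tor-mode at all. In both the outcome is a refused connection, which is what makes --allow-version-check safe to imply from --use-tor.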