[pkg-gnupg-maint] Bug#818802: gnupg2: gpg2.1 does not support http proxy to connect to hkps keyserver

Mark cooler at posteo.org
Sun Mar 20 18:43:19 UTC 2016 

Package: gnupg2
Version: 2.1.11-6
Severity: wishlist

Dear Maintainer,

with gpg 2.0 I used the following configuration to connect to 
hkps keyserver.

~/.gnupg/gpg.conf:

keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options http-proxy=http://proxy:8118

Here, the proxy server is privoxy which supports HTTP CONNECT requests 
to tunnel the SSL traffic (but I guess other http proxies will show the 
same behaviour).
This worked fine as gpg 2.0 sent HTTP CONNECT requests to the proxy.

With gpg 2.1 I added the following configuration to
~/.gnupg/dirmngr.conf:

http-proxy http://proxy:8118
keyserver hkps://hkps.pool.sks-keyservers.net

but I cannot connect to the keyserver. 
It looks like dirmngr does not send an HTTP CONNECT request. Instead SSL 
traffic is sent to the proxy server which does not know what to do with 
it and discards it.

I guess network configurations in which the use of a proxy is enforced 
for all http(s) traffic are not uncommon. In such a configuration an 
hkps keyserver cannot be connected with gpg 2.1.


Thanks,
Mark




-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg2 depends on:
ii  dpkg           1.18.4
ii  gnupg-agent    2.1.11-6
ii  install-info   6.1.0.dfsg.1-5
ii  libassuan0     2.4.2-3
ii  libbz2-1.0     1.0.6-8
ii  libc6          2.22-3
ii  libgcrypt20    1.6.5-2
ii  libgpg-error0  1.21-2
ii  libksba8       1.3.3-3
ii  libreadline6   6.3-8+b4
ii  libsqlite3-0   3.11.1-1
ii  zlib1g         1:1.2.8.dfsg-2+b1

Versions of packages gnupg2 recommends:
ii  dirmngr  2.1.11-6

Versions of packages gnupg2 suggests:
pn  gnupg-doc   <none>
pn  parcimonie  <none>
pn  xloadimage  <none>

-- no debconf information

More information about the pkg-gnupg-maint mailing list