HTTP proxy not honoured
Closed, Invalid, Public

Description

I'm setting up GPG4Win/Kleopatra on Windows (Win 7 Pro) to manage some .p7m files; I need to verify X.509 certificates in a corporate network, where there's no direct internet access, only mediated by a proxy.

So I've set up the proxy in Kleopatra, and verified that in %APPDATA%\gnupg\dirmngr.conf there's the correct row:

http-proxy http://proxy.sv.lnf.it:8080

but the proxy is not even contacted (verified with a network sniffer).

Thanks.

Details

Version
3.1.2

Event Timeline

Werner please give an opinion / triage.

Do you have Tor or the Tor Browser running? Dirmngr will use them instead of a direct or proxy network connection. To disable this behaviour put

no-use-tor

into dirmngr.conf. If that is not the case we need some more debug info. Put

log-file SOMEFILE
verbose
debug network,dns

into dirmngr.conf and post the log file (or send privately to wk@gnupg.org mentioning T4044 in the subject - no HTML please).

Dunno. I've retried today, and it seems to work as expected:

2018-07-06 12:20:14 dirmngr[6996] listening on socket 'C:\Users\gaio\AppData\Roaming\gnupg\S.dirmngr'
2018-07-06 12:20:14 dirmngr[6996] permanently loaded certificates: 55
2018-07-06 12:20:14 dirmngr[6996]     runtime cached certificates: 0
2018-07-06 12:20:14 dirmngr[6996]            trusted certificates: 55 (54,0,0,1)
2018-07-06 12:20:15 dirmngr[6996] handler for fd 244 started
2018-07-06 12:20:15 dirmngr[6996] cached CRL for issuer id EA33215DE93C57CD155BF41DA77AA8DB5527EF9C too old; update required
2018-07-06 12:20:15 dirmngr[6996] checking distribution points
2018-07-06 12:20:15 dirmngr[6996] fetching CRL from 'http://crl.arubapec.it/ArubaPECSpACertificationAuthorityC/LatestCRL.crl'
2018-07-06 12:20:15 dirmngr[6996] DBG: Using TLS library: NTBTLS 0.1.2
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:connect_server: trying name='proxy.sv.lnf.it' port=8080
2018-07-06 12:20:15 dirmngr[6996] DBG: dns: dnsserver[0] '10.5.1.3'
2018-07-06 12:20:15 dirmngr[6996] DBG: dns: dnsserver[1] '10.5.1.5'
2018-07-06 12:20:15 dirmngr[6996] DBG: dns: libdns initialized
2018-07-06 12:20:15 dirmngr[6996] DBG: dns: resolve_dns_name(proxy.sv.lnf.it): Eseguito
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:1877:socket_new: object 0x02ed9670 for fd 484 created
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:request:
2018-07-06 12:20:15 dirmngr[6996] DBG: >> GET http://crl.arubapec.it:80/ArubaPECSpACertificationAuthorityC/LatestCRL.crl HTTP/1.0\r\n
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:request-header:
2018-07-06 12:20:15 dirmngr[6996] DBG: >> \r\n
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:response:
2018-07-06 12:20:15 dirmngr[6996] DBG: >> HTTP/1.1 200 OK\r\n
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Date: Fri, 06 Jul 2018 10:20:15 GMT'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Server: Apache'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Last-Modified: Fri, 06 Jul 2018 10:01:51 GMT'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'ETag: "108003-505fa1-c0b061c0"'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Accept-Ranges: bytes'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Content-Length: 5267361'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Content-Type: application/x-pkcs7-crl'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'X-Cache: MISS from proxy.sv.lnf.it'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'X-Cache-Lookup: MISS from proxy.sv.lnf.it:8080'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Via: 1.1 proxy.sv.lnf.it (squid/3.4.8)'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Connection: close'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: ''
2018-07-06 12:20:15 dirmngr[6996] inserting CRL (reader 0x02df53b8)
2018-07-06 12:20:15 dirmngr[6996] update times of this CRL: this=20180706T100039 next=20180707T100039
2018-07-06 12:20:18 dirmngr[6996] locating CRL issuer certificate by authorityKeyIdentifier
2018-07-06 12:20:18 dirmngr[6996] certificate cached
2018-07-06 12:20:18 dirmngr[6996] Note: non-critical certificate policy not allowed
2018-07-06 12:20:18 dirmngr[6996] root certificate is not marked trusted
2018-07-06 12:20:18 dirmngr[6996] fingerprint=F09DA8CC6AB63A04CDA04CBA5113CEB74B3B4313
2018-07-06 12:20:18 dirmngr[6996] DBG: BEGIN Certificate 'issuer':
2018-07-06 12:20:18 dirmngr[6996] DBG:      serial: 6CAD805E30383CC586F31FAB2F6E95F7
2018-07-06 12:20:18 dirmngr[6996] DBG:   notBefore: 2010-10-22 00:00:00
2018-07-06 12:20:18 dirmngr[6996] DBG:    notAfter: 2030-10-22 23:59:59
2018-07-06 12:20:18 dirmngr[6996] DBG:      issuer: CN=ArubaPEC S.p.A. NG CA 3,OU=Certification AuthorityC,O=ArubaPEC S.p.A.,C=IT
2018-07-06 12:20:18 dirmngr[6996] DBG:     subject: CN=ArubaPEC S.p.A. NG CA 3,OU=Certification AuthorityC,O=ArubaPEC S.p.A.,C=IT
2018-07-06 12:20:18 dirmngr[6996] DBG:   hash algo: 1.2.840.113549.1.1.11
2018-07-06 12:20:18 dirmngr[6996] DBG:   SHA1 fingerprint: F09DA8CC6AB63A04CDA04CBA5113CEB74B3B4313
2018-07-06 12:20:18 dirmngr[6996] DBG: END Certificate
2018-07-06 12:20:18 dirmngr[6996] root certificate is good but not trusted
2018-07-06 12:20:18 dirmngr[6996] certificate chain is good
2018-07-06 12:20:18 dirmngr[6996]   certificate #6CAD805E30383CC586F31FAB2F6E95F7/CN=ArubaPEC S.p.A. NG CA 3,OU=Certification AuthorityC,O=ArubaPEC S.p.A.,C=IT
2018-07-06 12:20:18 dirmngr[6996] not checking CRL for #6CAD805E30383CC586F31FAB2F6E95F7/CN=ArubaPEC S.p.A. NG CA 3,OU=Certification AuthorityC,O=ArubaPEC S.p.A.,C=IT
2018-07-06 12:20:18 dirmngr[6996] target certificate may be valid

In my previous tests, clearly, at every config modification I stopped Kleopatra and restarted it. Was that not sufficient?

Sorry... and thanks!
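
Added example (not part of the original thread and not GnuPG code): a Python check that pairs each "fetching CRL from" line in a dirmngr debug log with the connect_server attempt that follows it, and reports whether that connection went to the host named in http-proxy. The sample config and log are constructed on the format shown above; the function names, the single http-proxy line and the default port 80 are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input, modelled on the dirmngr.conf and log format in this thread.
SAMPLE_CONF = """\
log-file C:\\temp\\dirmngr.log
verbose
debug network,dns
http-proxy http://proxy.example.internal:8080
"""

SAMPLE_LOG = """\
2018-07-06 12:20:15 dirmngr[6996] fetching CRL from 'http://crl.example.org/ca/LatestCRL.crl'
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:connect_server: trying name='proxy.example.internal' port=8080
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Via: 1.1 proxy.example.internal (squid/3.4.8)'
2018-07-06 12:21:02 dirmngr[6996] fetching CRL from 'http://crl.example.net/root.crl'
2018-07-06 12:21:02 dirmngr[6996] DBG: http.c:connect_server: trying name='crl.example.net' port=80
"""

FETCH_RE = re.compile(r"fetching CRL from '([^']+)'")
CONNECT_RE = re.compile(r"connect_server: trying name='([^']+)' port=(\d+)")

def configured_proxy(conf_text):
    """Return (host, port) from the http-proxy line, or None if absent."""
    proxy = None
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "http-proxy":
            value = parts[1] if "://" in parts[1] else "http://" + parts[1]
            url = urlsplit(value)
            proxy = (url.hostname, url.port or 80)  # assumption: default port 80
    return proxy

def audit_fetches(log_text, proxy):
    """Classify each CRL fetch by the first connection attempt logged after it."""
    results, pending = [], None
    for line in log_text.splitlines():
        if m := FETCH_RE.search(line):
            if pending:
                results.append((pending, "no-connect-logged"))
            pending = m.group(1)
        elif pending and (m := CONNECT_RE.search(line)):
            peer = (m.group(1).lower(), int(m.group(2)))
            results.append((pending, "via-proxy" if peer == proxy else "direct"))
            pending = None
    if pending:
        results.append((pending, "no-connect-logged"))
    return results
```

A "direct" result means dirmngr tried the CRL host itself; "no-connect-logged" usually means the debug network flag was not active when that fetch ran.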

No problem. I am glad that it works.