Page MenuHome GnuPG
Create Task
Maniphest T4044

HTTP proxy not honoured
Closed, InvalidPublic
Actions

Description

I'm setting up GPG4Win/Kleopatra on Windows (Win 7 Pro) to manage some .p7m files; i need to verify X.509 certificates in a corporate network, where there's no direct internet access, only mediated by a proxy.

So i've setup in Kleopatra the proxy, and verified that in %APPDATA%\gnupg\dirmngr.conf there's the correct row:

http-proxy http://proxy.sv.lnf.it:8080

but proxy are not even contacted (verified with network sniffer).

Thanks.

Details

Version
3.1.2

Event Timeline

marcogaio created this task.Jun 28 2018, 2:37 PM
aheinecke added subscribers: werner, aheinecke.Jun 28 2018, 3:30 PM

Werner please give an opinion / triage.

werner added a comment.Jul 4 2018, 8:44 AM

Do you have Tor or the Tor Browser running? Dirmngr will use them instead of a direct or proxy network connection. Di disable this behaviour put

no-use-tor

into dirmngr.conf. If that is not the case we need some more debug info. Put

log-file SOMEFILE
verbose
debug network,dns

into dirmngr.conf and post the log file (or send privately to wk@gnupg.org mentioning T4044 in the subject - no HTML please).

marcogaio added a comment.Jul 6 2018, 12:39 PM

Boh. I've retried today, and seems to work as expected:

2018-07-06 12:20:14 dirmngr[6996] listening on socket 'C:\Users\gaio\AppData\Roaming\gnupg\S.dirmngr'
2018-07-06 12:20:14 dirmngr[6996] permanently loaded certificates: 55
2018-07-06 12:20:14 dirmngr[6996]     runtime cached certificates: 0
2018-07-06 12:20:14 dirmngr[6996]            trusted certificates: 55 (54,0,0,1)
2018-07-06 12:20:15 dirmngr[6996] handler for fd 244 started
2018-07-06 12:20:15 dirmngr[6996] cached CRL for issuer id EA33215DE93C57CD155BF41DA77AA8DB5527EF9C too old; update required
2018-07-06 12:20:15 dirmngr[6996] checking distribution points
2018-07-06 12:20:15 dirmngr[6996] fetching CRL from 'http://crl.arubapec.it/ArubaPECSpACertificationAuthorityC/LatestCRL.crl'
2018-07-06 12:20:15 dirmngr[6996] DBG: Using TLS library: NTBTLS 0.1.2
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:connect_server: trying name='proxy.sv.lnf.it' port=8080
2018-07-06 12:20:15 dirmngr[6996] DBG: dns: dnsserver[0] '10.5.1.3'
2018-07-06 12:20:15 dirmngr[6996] DBG: dns: dnsserver[1] '10.5.1.5'
2018-07-06 12:20:15 dirmngr[6996] DBG: dns: libdns initialized
2018-07-06 12:20:15 dirmngr[6996] DBG: dns: resolve_dns_name(proxy.sv.lnf.it): Eseguito
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:1877:socket_new: object 0x02ed9670 for fd 484 created
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:request:
2018-07-06 12:20:15 dirmngr[6996] DBG: >> GET http://crl.arubapec.it:80/ArubaPECSpACertificationAuthorityC/LatestCRL.crl HTTP/1.0\r\n
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:request-header:
2018-07-06 12:20:15 dirmngr[6996] DBG: >> \r\n
2018-07-06 12:20:15 dirmngr[6996] DBG: http.c:response:
2018-07-06 12:20:15 dirmngr[6996] DBG: >> HTTP/1.1 200 OK\r\n
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Date: Fri, 06 Jul 2018 10:20:15 GMT'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Server: Apache'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Last-Modified: Fri, 06 Jul 2018 10:01:51 GMT'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'ETag: "108003-505fa1-c0b061c0"'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Accept-Ranges: bytes'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Content-Length: 5267361'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Content-Type: application/x-pkcs7-crl'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'X-Cache: MISS from proxy.sv.lnf.it'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'X-Cache-Lookup: MISS from proxy.sv.lnf.it:8080'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Via: 1.1 proxy.sv.lnf.it (squid/3.4.8)'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: 'Connection: close'
2018-07-06 12:20:15 dirmngr[6996] http.c:RESP: ''
2018-07-06 12:20:15 dirmngr[6996] inserting CRL (reader 0x02df53b8)
2018-07-06 12:20:15 dirmngr[6996] update times of this CRL: this=20180706T100039 next=20180707T100039
2018-07-06 12:20:18 dirmngr[6996] locating CRL issuer certificate by authorityKeyIdentifier
2018-07-06 12:20:18 dirmngr[6996] certificate cached
2018-07-06 12:20:18 dirmngr[6996] Note: non-critical certificate policy not allowed
2018-07-06 12:20:18 dirmngr[6996] root certificate is not marked trusted
2018-07-06 12:20:18 dirmngr[6996] fingerprint=F09DA8CC6AB63A04CDA04CBA5113CEB74B3B4313
2018-07-06 12:20:18 dirmngr[6996] DBG: BEGIN Certificate 'issuer':
2018-07-06 12:20:18 dirmngr[6996] DBG:      serial: 6CAD805E30383CC586F31FAB2F6E95F7
2018-07-06 12:20:18 dirmngr[6996] DBG:   notBefore: 2010-10-22 00:00:00
2018-07-06 12:20:18 dirmngr[6996] DBG:    notAfter: 2030-10-22 23:59:59
2018-07-06 12:20:18 dirmngr[6996] DBG:      issuer: CN=ArubaPEC S.p.A. NG CA 3,OU=Certification AuthorityC,O=ArubaPEC S.p.A.,C=IT
2018-07-06 12:20:18 dirmngr[6996] DBG:     subject: CN=ArubaPEC S.p.A. NG CA 3,OU=Certification AuthorityC,O=ArubaPEC S.p.A.,C=IT
2018-07-06 12:20:18 dirmngr[6996] DBG:   hash algo: 1.2.840.113549.1.1.11
2018-07-06 12:20:18 dirmngr[6996] DBG:   SHA1 fingerprint: F09DA8CC6AB63A04CDA04CBA5113CEB74B3B4313
2018-07-06 12:20:18 dirmngr[6996] DBG: END Certificate
2018-07-06 12:20:18 dirmngr[6996] root certificate is good but not trusted
2018-07-06 12:20:18 dirmngr[6996] certificate chain is good
2018-07-06 12:20:18 dirmngr[6996]   certificate #6CAD805E30383CC586F31FAB2F6E95F7/CN=ArubaPEC S.p.A. NG CA 3,OU=Certification AuthorityC,O=ArubaPEC S.p.A.,C=IT
2018-07-06 12:20:18 dirmngr[6996] not checking CRL for #6CAD805E30383CC586F31FAB2F6E95F7/CN=ArubaPEC S.p.A. NG CA 3,OU=Certification AuthorityC,O=ArubaPEC S.p.A.,C=IT
2018-07-06 12:20:18 dirmngr[6996] target certificate may be valid

In my previous tests, clerly, at every config modification i've stop kleopatra and restart them. It was not sufficient?

Sorry... and thanks!

werner closed this task as Invalid.Jul 6 2018, 5:14 PM

No problem. I am glad that it works.