* dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
(reload_dns_stuff): Reset tor port.
* dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
(main): Remove warning that Tor mode may not fully work.
* dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
initialization.
* dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
checking for enable_dns_tormode.
--
This patch also resets the port on SIGHUP so that after starting Tor
SIGHUP is sufficient to use Tor. Without the SIGHUP and when not
using the Tor browser Dirmngr would keep on trying the Tor browser
port.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit
969512401603639e4467ede7d892f1b02582c2c9)
Gbp-Pq: Name 0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch
{
if (opt.use_tor)
{
+ /* Enable Tor mode and when called again force a new curcuit
+ * (e.g. on SIGHUP). */
+ enable_dns_tormode (1);
if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
{
log_error ("error enabling Tor mode: %s\n", strerror (errno));
log_info ("NOTE: this is a development version!\n");
#endif
- if (opt.use_tor)
- {
- log_info ("WARNING: ***************************************\n");
- log_info ("WARNING: Tor mode (--use-tor) MAY NOT FULLY WORK!\n");
- log_info ("WARNING: ***************************************\n");
- }
-
/* Print a warning if an argument looks like an option. */
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
{
}
-/* Sets the module in Tor mode. Returns 0 is this is possible or an
- error code. */
-gpg_error_t
+/* Puts this module eternally into Tor mode. When called agained with
+ * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
+void
enable_dns_tormode (int new_circuit)
{
if (!*tor_socks_user || new_circuit)
counter++;
}
tor_mode = 1;
- return 0;
}
libdns_reinit_pending = 0;
}
else
- libdns_reinit_pending = 1;
+ {
+ libdns_reinit_pending = 1;
+ libdns_tor_port = 0; /* Start again with the default port. */
+ }
#else
(void)force;
#endif
/* Return true iff the recursive resolver is used. */
int recursive_resolver_p (void);
-/* Calling this function switches the DNS code into Tor mode if
- possibe. Return 0 on success. */
-gpg_error_t enable_dns_tormode (int new_circuit);
+/* Put this module eternally into Tor mode. When called agained with
+ * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
+void enable_dns_tormode (int new_circuit);
/* Change the default IP address of the nameserver to IPADDR. The
address needs to be a numerical IP address and will be used for the
}
}
- if (opt.use_tor && (err = enable_dns_tormode (0)))
- {
- /* Tor mode is requested but the DNS code can't enable it. */
- assuan_set_error (ctx, err, "error enabling Tor mode");
- goto leave;
- }
-
if (pka_mode || dane_mode)
{
char *domain; /* Points to mbox. */
gpg_error_t err;
int any_options = 0;
int opt_tor = 0;
- int opt_new_circuit = 0;
int opt_cert = 0;
int opt_srv = 0;
int opt_bracket = 0;
opt_tor = 1;
argc--; argv++;
}
- else if (!strcmp (*argv, "--new-circuit"))
- {
- opt_new_circuit = 1;
- argc--; argv++;
- }
else if (!strcmp (*argv, "--standard-resolver"))
{
enable_standard_resolver (1);
init_sockets ();
if (opt_tor)
- {
- err = enable_dns_tormode (opt_new_circuit);
- if (err)
- {
- fprintf (stderr, "error switching into Tor mode: %s\n",
- gpg_strerror (err));
- exit (1);
- }
- }
+ enable_dns_tormode (0);
if (opt_cert)
{
~ian / gnupg2.git / commitdiff