From c091816b4a90d7eea6f8601ec1522a0a006794e8 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 18 Sep 2015 16:17:11 +0200
Subject: dirmngr: Add option --use-tor as a stub.

* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New. (opts): Add --use-tor. (parse_rereadable_options): Set option. (main): Tell gpgconf about that option.
* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and return an error if LDAP is used in TOR mode. (ca_cert_fetch): Return an error in TOR mode. (start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the http module.
* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used". (cmd_dns_cert): Return an error in TOR mode. (cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--
More work is required to actually make --use-tor useful. For now it returns an error for almost all network access but as soon as we have added the TOR feature to the http module some parts will start to work.
Signed-off-by: Werner Koch
---
 dirmngr/dirmngr.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'dirmngr/dirmngr.c')
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 10cc45e00..fb9a70135 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -140,6 +140,7 @@ enum cmd_and_opt_values {
 oLDAPWrapperProgram,
 oHTTPWrapperProgram,
 oIgnoreCertExtension,
+ oUseTor,
 aTest
 };
@@ -215,6 +216,7 @@ static ARGPARSE_OPTS opts[] = {
 ARGPARSE_s_s (oHkpCaCert, "hkp-cacert", N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
+ ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via TOR")),
 ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
@@ -518,6 +520,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 }
 FREE_STRLIST (opt.ignored_cert_extensions);
 http_register_tls_ca (NULL);
+ /* We do not allow resetting of opt.use_tor at runtime. */
 return 1;
 }
@@ -580,6 +583,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
 break;
+ case oUseTor: opt.use_tor = 1; break;
+
 default:
 return 0; /* Not handled. */
 }
@@ -1405,6 +1410,7 @@ main (int argc, char **argv)
 /* Note: The next one is to fix a typo in gpgconf - should be removed eventually. */
 es_printf ("ignore-ocsp-servic-url:%lu:\n", flags | GC_OPT_FLAG_NONE);
+ es_printf ("use-tor:%lu:\n", flags | GC_OPT_FLAG_NONE);
 }
 cleanup ();
 return !!rc;
-- cgit v1.2.3
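Review bot: The help text on the added `ARGPARSE_s_n (oUseTor, "use-tor", ...)` entry promises more than this commit delivers: it says all network traffic is routed via TOR, while the commit description calls the option a stub that for now makes almost all network access return an error instead of routing it. For a privacy option an overstated description invites misplaced trust, so I would word it to match the current state, for example `N_("route all network traffic via Tor (experimental)")`, which also uses the usual spelling "Tor". The "almost all" in the description suggests that some access paths are not yet covered; these hunks do not show which ones, so naming them in the option's documentation would help anyone relying on it. The opts[] table starts and ends outside the hunk.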
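Review bot: The comment added in the reread branch (hunk -518,6 +520,7) says that opt.use_tor is not reset but not why, and the reason is the security-relevant part. Together with `case oUseTor: opt.use_tor = 1; break;` in the next hunk of parse_rereadable_options (-580,6 +583,8) the flag is a one-way latch: a configuration reload can switch Tor mode on but never back to direct connections. I would say so in the comment, for example `/* opt.use_tor is deliberately not cleared on reread: a reload must never silently fall back to direct connections; the mode stays on until dirmngr is restarted. */`. Because the option is parsed with the rereadable options it can presumably also be enabled on an already running daemon, and whether state gathered earlier over direct connections is still used afterwards cannot be seen from these hunks. The function body starts and ends outside both hunks.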