1 files changed, 28 insertions, 2 deletions

diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 3b3916a23..0f34e2794 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -196,8 +196,9 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
         }
       else
         err = http_open_document (&hd, url, NULL,
-                                  (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-                                  |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
+                                  ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
+                                   |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
+                                   |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
                                   ctrl->http_proxy, NULL, NULL, NULL);
 
       switch ( err? 99999 : http_get_status_code (hd) )
@@ -289,6 +290,12 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
                      "LDAP");
           err = gpg_error (GPG_ERR_NOT_SUPPORTED);
         }
+      else if (opt.use_tor)
+        {
+          /* For now we do not support LDAP over TOR.  */
+          log_error (_("CRL access not possible due to TOR mode\n"));
+          err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+        }
       else
         {
 #       if USE_LDAP
@@ -309,12 +316,19 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
 gpg_error_t
 crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
 {
+  if (opt.use_tor)
+    {
+      /* For now we do not support LDAP over TOR.  */
+      log_error (_("CRL access not possible due to TOR mode\n"));
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
   if (opt.disable_ldap)
     {
       log_error (_("CRL access not possible due to disabled %s\n"),
                  "LDAP");
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
+
 #if USE_LDAP
   return attr_fetch_ldap (ctrl, issuer, "certificateRevocationList",
                           reader);
@@ -334,6 +348,12 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
 gpg_error_t
 ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
 {
+  if (opt.use_tor)
+    {
+      /* For now we do not support LDAP over TOR.  */
+      log_error (_("CRL access not possible due to TOR mode\n"));
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
   if (opt.disable_ldap)
     {
       log_error (_("CRL access not possible due to disabled %s\n"),
@@ -355,6 +375,12 @@ gpg_error_t
 start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
                   strlist_t patterns, const ldap_server_t server)
 {
+  if (opt.use_tor)
+    {
+      /* For now we do not support LDAP over TOR.  */
+      log_error (_("CRL access not possible due to TOR mode\n"));
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
   if (opt.disable_ldap)
     {
       log_error (_("certificate search not possible due to disabled %s\n"),