diff options
Diffstat (limited to '')
| -rw-r--r-- | dirmngr/ocsp.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index 8971b9ffa..f81f3358e 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -132,6 +132,14 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, (void)ctrl; + if (opt.use_tor) + { + /* For now we do not allow OCSP via TOR due to possible privacy + concerns. Needs further research. */ + log_error (_("OCSP request not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } + if (opt.disable_http) { log_error (_("OCSP request not possible due to disabled HTTP\n")); @@ -165,7 +173,8 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, once_more: err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL, - (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0), + ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) + | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)), ctrl->http_proxy, NULL, NULL, NULL); if (err) { |