GNU bug report logs -
#53941
27.2; socks + tor dont work with https
Message #91 received at 53941 <at> debbugs.gnu.org (full text, mbox):
Robert Pluim <rpluim <at> gmail.com> writes:

> More information hiding by default is a good thing. (Iʼm not the
> original author, I just changed it to look at the actual local
> addresses instead of hardcoding them)

D'oh, I see that now. The original author was one Mr. Wong. If you'd
like to be spared any further spam related to this bug, please say so,
and I'll remove you from the Cc's. (But if not, I could certainly use
the input.)

> JP> The API could be as simple as:
>
> JP> (make-network-process ... :nolookup t ...)
>
> Iʼm not sure what suppressing DNS lookups would get us apart from more
> failure modes, but I havenʼt thought about it deeply.

Hm, right. I suppose doing that would mostly be useless for this type of
proxy because the :host property of the process is usually the one being
looked up, and if the `socks' side is handling things properly, :host
should only ever be the proxy server itself. Also, the lookups I was
hoping to prevent (or redirect through Tor with something like the
attached 0002 PoC patch) would need to be limited to only a specific
application rather than all of Emacs, which seems rather unrealistic.

> JP> * lisp/net/nsm.el (nsm-should-check): Rework in a functionally
> JP> equivalent way, except forgo calling both `network-lookup-address-info'
> JP> and `network-interface-list' unless the various conditions regarding
> JP> `nsm-trust-local-network' are first satisfied. Replace `mapc' with
> JP> `dolist' to align with modern sensibilities. (Bug#53941)
>
> Careful now, somebody even more modern might come along and replace `dolist' with
> `seq-do' ☺️

Good point. I'll be sure and use `brat-do' from now on, just to be safe.
(Hopefully, you have no idea what that means.)

> JP> + (not (and-let* (((or (and (functionp nsm-trust-local-network)
> JP> + (funcall nsm-trust-local-network))
> JP> + nsm-trust-local-network))
> JP> + (addresses (network-lookup-address-info host))
> JP> + (network-interface-list (network-interface-list t)))
> JP> + (catch 'off-net
> JP> + (dolist (ip addresses)
> JP> + (dolist (info network-interface-list)
> JP> + (when (nsm-network-same-subnet (substring (nth 1 info) 0 -1)
> JP> + (substring (nth 3 info) 0 -1)
> JP> + (substring ip 0 -1))
> JP> + (throw 'off-net t))))))))
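
Review bot: In the first `and-let*' clause, a function-valued `nsm-trust-local-network' that returns nil does not stop the check. `(and (functionp nsm-trust-local-network) (funcall nsm-trust-local-network))' yields nil, so the `or' falls through to its second branch, the variable itself, which is non-nil because it holds the function. The clause therefore succeeds and `(network-lookup-address-info host)' and `(network-interface-list t)' still run, which is the local lookup the commit message says should be skipped unless the conditions are satisfied. Consider `(if (functionp nsm-trust-local-network) (funcall nsm-trust-local-network) nsm-trust-local-network)' so the function's return value decides. Separately, the binding named `network-interface-list' shadows the name of the function it calls; a name such as `interfaces' would read more clearly in the inner `dolist'.
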
>
> Since youʼve inverted the test, you should probably invert the name of
> `off-net'.

Ah, took that "by rote" from the old sentinel variable, but as you say,
it doesn't comport with the semantics. Changed to `nsm-should-check'.

Overall, I'll have to think on this bug a bit more. If Christopher or
the Elpher people want this specific workaround in tree, I suppose we
can accommodate, but I doubt there's any rush.

Cheers.

[0000-v7-v8.diff (text/x-patch, attachment)]
[0001-Only-conditionally-resolve-hosts-in-nsm-should-check.patch (text/x-patch, attachment)]
[0002-POC-Support-SOCKS-resolve-extension.patch (text/x-patch, attachment)]
[0003-POC-Simplify-network-stream-openers-in-socks.el.patch (text/x-patch, attachment)]
[0004-POC-Integrate-the-socks-and-url-libraries.patch (text/x-patch, attachment)]
This bug report was last modified 274 days ago.