Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: '--socks5-hostname' and 'CURL_DISABLE_PROXY'
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Timothe Litt <litt_at_acm.org>
Date: Tue, 8 Mar 2022 08:44:11 -0500
On 08-Mar-22 08:26, Gisle Vanem via curl-users wrote:
> I just had a somewhat scary experience with curl
> trying to use Tor's SOCKS5 built-in proxy to connect via.
>
> Seemingly all was well and secure with this command:
> curl.exe --location --socks5-hostname 127.0.0.1:9050 https://www.vg.no
>
> I got the page, but definitely not securely via Tor since
> everything was built with '-DCURL_DISABLE_PROXY'. No warning
> or anything.
>
> The above command via the 'curl.exe' bundled with Windows-10
> also made me wonder. I do not know how Microsoft built it.
> I had to use 'tcpdump' to verify it indeed was using 'SOCKS5'.
>
> So what in 'curl -V' is there to tell it's safe to use with
> Tor in this way? Some additional 'Features: SOCKS5' would make
> it a bit clearer IMHO.
>
Seems to me that specifying --socks5-hostname should produce a hard
error if CURL_DISABLE_PROXY is set. As should anything else that
implies using a proxy - including API calls that specify proxy-related
items.
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
Received on 2022-03-08
Date: Tue, 8 Mar 2022 08:44:11 -0500
On 08-Mar-22 08:26, Gisle Vanem via curl-users wrote:
> I just had a somewhat scary experience with curl
> trying to use Tor's SOCKS5 built-in proxy to connect via.
>
> Seemingly all was well and secure with this command:
> curl.exe --location --socks5-hostname 127.0.0.1:9050 https://www.vg.no
>
> I got the page, but definitely not securely via Tor since
> everything was built with '-DCURL_DISABLE_PROXY'. No warning
> or anything.
>
> The above command via the 'curl.exe' bundled with Windows-10
> also made me wonder. I do not know how Microsoft built it.
> I had to use 'tcpdump' to verify it indeed was using 'SOCKS5'.
>
> So what in 'curl -V' is there to tell it's safe to use with
> Tor in this way? Some additional 'Features: SOCKS5' would make
> it a bit clearer IMHO.
>
Seems to me that specifying --socks5-hostname should produce a hard
error if CURL_DISABLE_PROXY is set. As should anything else that
implies using a proxy - including API calls that specify proxy-related
items.
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.haxx.se/mail/etiquette.html
- application/pgp-signature attachment: OpenPGP digital signature