Stefan Kangas writes:

> Christopher Howard writes:
>
>> Hello all. I don't pretend to track most of what is going on in this bug
>> thread, but I was wanting to draw more attention to the specific issue of
>> proxies and certs. I use Emacs Elpher for gemini browsing. As a privacy
>> minded individual, I want to by default route everything, including DNS,
>> through my local TOR proxy (localhost:9050). But I also want to be able to
>> check and approve capsule certs and, especially, cert changes. But in
>> Elpher, I have to pick one or the other, since turning on the proxy disables
>> the cert checks. As it has been explained to me, this is due to the current
>> situation with nsm, where you can't have `nsm' checks without also leaking
>> DNS.
>
> Is there an open bug report for leaking DNS with a tor proxy+nsm?

Not that I'm aware of.

> If not, would you be willing to report one (including all the details)?

In a sense, the issue only exists in the context of trying to integrate
`socks' with other libraries like `nsm' and `url' (this bug). As such,
there's currently no high-level way (I can think of) to demonstrate its
presence. For that, you'd need an app like Elpher to support connecting to
TLS-terminated endpoints through a SOCKS proxy while verifying them with
`nsm' checks. And you'd need to eavesdrop on it doing so in a controlled
environment where DNS lookups are well understood.

To see how something nearer to a proper (though limited) integration _could_
work, you can try the demo in the log message of the last of the attached
PoC patches (0004). While it "works," it's quite brittle in the sense that
any unsupported but otherwise normal config patterns (e.g., :nowait t) or
any related but undetected change to an affected library (or the underlying
networking stack) could render the whole thing bunk.

As I've struggled to explain up thread, the DNS leakage issue is larger than
any prospective integration, `nsm' or otherwise. But, for the sake of
discussion, if we were to zoom in on that library in particular, the reason
for the leakage should be pretty clear. AFAICT, the function
`nsm-should-check' always performs a lookup in order to support the
`nsm-trust-local-network' feature (original author Robert Cc'd). One
possible workaround might be to rework the function slightly to prevent
that, as shown in the first of the attached patches (0001).

Anyway, to truly tackle this issue, I still contend we'd need to intercept
calls to any glibc GAI-related functions and gate them with some kind of
async-friendly mechanism (perhaps a process property) that suppresses their
invocation for the lifetime of the process. The API could be as simple as:

  (make-network-process ... :nolookup t ...)

But for this, we'd surely need help from someone familiar with that part of
Emacs.

Thanks.
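As an added example (not code from this thread, from nsm.el, or from the attached patches), an Emacs Lisp guard that makes the Lisp-side lookup visible: it advises the real `network-lookup-address-info' to log or refuse any local resolution, then uses that to show that `nsm-should-check' resolves its argument even with `nsm-trust-local-network' nil. The `my/' names are assumptions; the advice only covers lookups made from Lisp, not the resolution `make-network-process' performs itself in C, which is the part the message says needs a `:nolookup'-style gate.

```elisp
;; Added example (not from the bug thread or from nsm.el): surface Lisp-level
;; name lookups that would bypass a SOCKS proxy.  `my/' names are hypothetical.
(require 'nsm)

(defvar my/proxy-only-lookups nil
  "When non-nil, refuse Lisp-level DNS lookups instead of merely logging them.
Intended to be set while `socks' is the configured connection path.")

(defun my/guard-lookup (orig-fn name &rest args)
  "Around-advice for `network-lookup-address-info'.
Every call resolves NAME with the local resolver, i.e. outside any SOCKS
proxy, so log it; when `my/proxy-only-lookups' is non-nil, refuse instead."
  (if my/proxy-only-lookups
      (error "Refusing local DNS lookup of %S (would bypass the proxy)" name)
    (message "lookup-guard: local DNS lookup of %S" name)
    (apply orig-fn name args)))

;; Install once; remove with `advice-remove' when no longer wanted.
(advice-add 'network-lookup-address-info :around #'my/guard-lookup)

(defun my/nsm-leaks-lookup-p (host)
  "Return non-nil if NSM's pre-check for HOST triggers a local lookup.
`nsm-trust-local-network' is bound to nil, so a well-behaved
`nsm-should-check' would have no reason to resolve HOST at all."
  (let ((my/proxy-only-lookups t)
        (nsm-trust-local-network nil))
    (condition-case nil
        (progn (nsm-should-check host) nil)
      (error t))))
```

Calling `(my/nsm-leaks-lookup-p "example.org")' on an nsm.el that still resolves unconditionally reports the leak without sending a query, because the advice refuses the lookup before the resolver runs.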