Open Bug 1735349 Opened 4 years ago Updated 4 years ago

WKD bypasses proxy settings

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Version:
Thunderbird 91
Type:
defect

Tracking

(Not tracked)

People

(Reporter: u617804, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

TB 91.2.0 (64-bit)

Set HTTP(S) proxy to dead-end, for screenshots of my proxy setting see bug 1734992.

Import key via WKD, see example in bug 1735033

Actual results:

Key import via WKD works.

Expected results:

According to https://wiki.gnupg.org/WKD#How_does_an_email_client_use_WKD.3F WKD uses HTTPS to fetch a key.

Key import via WKD should not be possible, if HTTPS proxy is set to dead-end.

Thanks Ardivt for the detailed bug report!

I could reproduce it on TB 95.0a:

  1. Set HTTP and HTTPS proxy to 127.0.0.1:666, which doesn't exist.
  2. Discovering krakonos@krakonos.org from the key manager works when it should not.

I could not reproduce it in TB 78.14.0.

TB 78.14.0 also respects the proxy setting when configuring a Socks5 proxy to go through Tor. I couldn't test this in TB 95.0a.

The WKD connection indeed goes to 443 (HTTPS).

So this seems to be a regression to me.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Key Fetch via WKD works, although HTTPS-Proxy is set to dead-end → WKD bypasses proxy settings

I've confirmed this in various versions, including 91.3.0 and 96.0a1. It actually seems to be bigger than just WKD bypassing the proxy; in my testing, the proxy settings seem to be completely ignored.

I ran a regression search, and came up with: https://treeherder.mozilla.org/jobs?repo=comm-central&revision=f8dd96c6b4daaab55160a8cc8b12c0c0c4c748af

Nothing too interesting in the comm-central commits, but the corresponding mozilla-central push has https://hg.mozilla.org/mozilla-central/rev/b633563955ad437d61cb5ddb11b39074764c8e6d (bug 1720221) which looks suspicious.

That would have been milestone 92, but bug 1720221 was uplifted to mozilla-esr91: https://hg.mozilla.org/releases/mozilla-esr91/rev/1b4a1f57a0802ab304ad4c7561d2f2b02947b0cb (actually, it was uplifted to 91.0b5).

For the record, MOZ_PROXY_DIRECT_FAILOVER is set for Thunderbird builds. The code claims that manual configured proxies won't fail over to direct connection, but in my testing that does not appear to be the case.

Flags: needinfo?(mkmelin+mozilla)

It looks like disabling the failover-to-direct failover suffices as a workaround. Set network.proxy.failover_direct to false.

Otherwise, with failover enabled the results are inconsistent at best. e10s might be a factor.

You need to log in before you can comment on or make changes to this bug.