On Mon, Oct 13, 2014 at 10:29:13PM +0200, Martin Lambers wrote:
> Hi!
>
> I don't use a proxy myself; I have a few questions about SOCKS support
> in general and your patch in particular:
>
> 1. Is there any need for anything except SOCKS5? It has been around for
> ages, does anybody really still need SOCKS4?

AFAIK, SOCKS4 is totally dead. Some older systems still do SOCKS4a, but it's not that common. It was already implemented so I kept it.

> 2. Nobody protects the SOCKS5 protocol with TLS, right?

I'm sure there exists *some* person who does this, but it's not common in the slightest.

> 3. Is there a valid use case for SOCKS5 authentication? It only
> supports unprotected user/password transmission (well, and GSSAPI, but
> nobody uses that). This makes it pretty useless.

It's really not any more work to do the basic user/password authentication than it is to do the normal protocol. It just adds one extra step.

> If we only need SOCKS5 without TLS and possibly also without
> authentication, then SOCKS5 integration could be done by only
> extending net_open_socket(), as sketched in the attached
> patch. Or am I missing something?
>
> Martin

That's about how my patch goes, except that I do it at the bottom instead of the top of the function. I also just modify the one place that gets the canonical name to return localhost.

If you have HAVE_PROXY defined, all net_open_socket does is call net_connect_proxy which in turn looks up the IP address from the string of the proxy value given, in a way I know won't ping the DNS server, then call net_connect to make the connection, and run tunnel_to, which is what the pseudo-code is doing. I just didn't want a million line net_open_socket function. It's really long as it is.

The code in proxy.c works just fine for the SOCKS5 with no authentication case already. The really horrible stuff is in the HTTP connect proxy area. Even the SOCKS4 code is okish. You can just take the one good case out of the switch and save the effort of writing it.

You could even make the buffer that handles the responses and everything way smaller because the max size it could be is ~275 characters; the size of what you can fit into an unsigned char plus the few extra octets to store the request type and port.

CustaiCo

_______________________________________________
msmtp-users mailing list
msmtp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/msmtp-users
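
The buffer bound discussed at the end of the reply, as an added example that is not code from the patch or from msmtp's proxy.c: a no-authentication SOCKS5 CONNECT request that passes the hostname to the proxy, plus a check of how long the proxy's reply will be. The function names and `SOCKS5_MAX_MSG` are hypothetical, the field layout follows RFC 1928, and the destination host is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1928 request: VER CMD RSV ATYP | LEN | host (<= 255) | PORT (2) */
#define SOCKS5_MAX_MSG (4 + 1 + 255 + 2)

/* Build a CONNECT request that hands the hostname to the proxy (ATYP 0x03),
 * so this code does no local DNS lookup. Returns octets written, 0 on bad input. */
size_t socks5_build_connect(uint8_t *buf, size_t buflen,
                            const char *host, uint16_t port)
{
    size_t hlen = host ? strlen(host) : 0;
    if (hlen == 0 || hlen > 255 || buflen < 4 + 1 + hlen + 2)
        return 0;               /* length must fit the single length octet */
    buf[0] = 0x05;              /* VER: SOCKS5 */
    buf[1] = 0x01;              /* CMD: CONNECT */
    buf[2] = 0x00;              /* RSV */
    buf[3] = 0x03;              /* ATYP: domain name */
    buf[4] = (uint8_t)hlen;
    memcpy(buf + 5, host, hlen);
    buf[5 + hlen] = (uint8_t)(port >> 8);   /* network byte order */
    buf[6 + hlen] = (uint8_t)(port & 0xff);
    return 7 + hlen;
}

/* Given the first `have` octets of the proxy's reply, return the total reply
 * length to read, 0 if fewer than 5 octets are available, -1 if the reply is
 * malformed or reports a failure (REP != 0). */
int socks5_reply_length(const uint8_t *buf, size_t have)
{
    if (have < 5) return 0;
    if (buf[0] != 0x05 || buf[1] != 0x00) return -1;
    switch (buf[3]) {
    case 0x01: return 4 + 4 + 2;            /* IPv4 bound address */
    case 0x04: return 4 + 16 + 2;           /* IPv6 bound address */
    case 0x03: return 4 + 1 + buf[4] + 2;   /* length-prefixed name */
    default:   return -1;
    }
}

int main(void)
{
    uint8_t req[SOCKS5_MAX_MSG];
    /* smtp.example.org:587 is a constructed sample destination */
    size_t n = socks5_build_connect(req, sizeof req, "smtp.example.org", 587);
    printf("request is %zu octets, buffer holds %d\n", n, SOCKS5_MAX_MSG);
    return n ? 0 : 1;
}
```

Reading exactly the length that `socks5_reply_length` reports keeps the client from consuming bytes of the SMTP greeting that follows the proxy reply on the same socket.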