curl: Not resolving .onion address (RFC 7686)

say i have a nixos container with a transparent tor proxy so in that container, all traffic is going through tor see also #31

now i want to use curl... but curl wants to be smarter than me so curl will not resolve onion domains

$ curl -s https://check.torproject.org/api/ip
{"IsTor":true,"IP":"109.70.100.3"}

$ curl -s -v http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/
*   Trying 127.0.0.1:9050...
* Connected to 127.0.0.1 (127.0.0.1) port 9050
* Not resolving .onion address (RFC 7686)
* Closing connection

FUUUUUUUUUUUUUUUUUUUUUUUU

so curl really is forcing me to use

curl: non-transparent fix

$ curl --proxy socks5h://127.0.0.1:9050 -s http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/ | head -n1
<!doctype html>

or with a random user:password for tor circuit isolation

$ curl --proxy socks5h://$RANDOM:$RANDOM@127.0.0.1:9050 -s http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/ | head -n1
<!doctype html>

since git is based on curl, git will also refuse to resolve onion domains

$ git clone --depth=1 http://it7otdanqu7ktntxzm427cba6i53w6wlanlh23v5i3siqmos47pzhvyd.onion/milahu/alchi
Cloning into 'alchi'...
fatal: unable to access 'http://it7otdanqu7ktntxzm427cba6i53w6wlanlh23v5i3siqmos47pzhvyd.onion/milahu/alchi/': Not resolving .onion address (RFC 7686)

git: non-transparent fix

$ git -c remote.origin.proxy=socks5h://127.0.0.1:9050 clone --depth=1 http://it7otdanqu7ktntxzm427cba6i53w6wlanlh23v5i3siqmos47pzhvyd.onion/milahu/alchi

upstream issues

possible solutions

hostip: add CURL_ALLOW_DOT_ONION to allow .onion lookups curl#11236
- curl-with-allow-dot-onion, git-with-allow-dot-onion: init nur-packages#33b3ef8
- on nixos, patching curl is painful, because many other packages depend on curl, and will be rebuilt ("rebuild the world")

milahu / nixpkgs

curl: Not resolving .onion address (RFC 7686) #33