mumble-voip / mumble

Mumble is an open-source, low-latency, high quality voice chat software.
https://www.mumble.info

Improve Tor support for .onion hosts #1812

Open ioerror opened 8 years ago

ioerror commented 8 years ago

It is not possible to use Tor's .onion hosts when using a SOCKS5 proxy. I believe this is because it is not possible to normally resolve these names and the SOCKS proxy (eg: Tor) does the resolution.

The connect wizard also removes the password field for .onion hosts. Ironically the password field may not be needed... if a user is using this with torsocks, I think this can be used to bypass access controls on a server as the connection is coming from localhost.

hacst commented 8 years ago

First issue is probably related to https://github.com/mumble-voip/mumble/issues/1033 . As for the rest: The password field only appears in the add server dialog if the user name is "SuperUser" as usually mumble relies on certificates only. Otherwise the password is requested on demand if one is required. No connection to any serverside security.

ioerror commented 8 years ago

Odd, I see a server password field as long as I use a valid hostname (which is then automatically resolved).

This actually reveals a more subtle bug: mumble attempts to resolve (.onion) names even when using a SOCKS5 proxy. This is a problem as it leaks names to the network even when we should be querying through the SOCKS5 interface or not resolving at all, simply connecting with SOCKS5.

We've actually written a soon-to-be-RFC about this for .onion names ( https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/ ) and .onion is now in the special-use-domain-name registry.

ioerror commented 8 years ago

I think that when using a SOCKS5 proxy mumble should not attempt any DNS resolution at all.
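The behaviour requested above, as an added example that is not part of the thread and not Mumble's code: SOCKS5 (RFC 1928) lets the client send the host name itself (ATYP 0x03), so the proxy (here Tor) does the resolution and no local DNS query exposes the .onion name. The function name and the sample host are constructed for illustration.

```cpp
#include <arpa/inet.h>  // inet_pton (POSIX)
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// RFC 1928 address types.
constexpr uint8_t kAtypIPv4 = 0x01, kAtypDomain = 0x03, kAtypIPv6 = 0x04;

// Hypothetical helper: build the SOCKS5 CONNECT request for host:port.
// It never calls getaddrinfo() or any other resolver, so a name such as
// *.onion leaves the process only inside the proxy connection.
std::vector<uint8_t> socks5ConnectRequest(const std::string &host, uint16_t port) {
    std::vector<uint8_t> req = {0x05 /* VER */, 0x01 /* CMD=CONNECT */, 0x00 /* RSV */};
    uint8_t addr[16];
    if (inet_pton(AF_INET, host.c_str(), addr) == 1) {
        // IP literals need no lookup; send them in binary form.
        req.push_back(kAtypIPv4);
        req.insert(req.end(), addr, addr + 4);
    } else if (inet_pton(AF_INET6, host.c_str(), addr) == 1) {
        req.push_back(kAtypIPv6);
        req.insert(req.end(), addr, addr + 16);
    } else {
        // Everything else is passed through as a name for the proxy to resolve.
        if (host.empty() || host.size() > 255)
            throw std::invalid_argument("host name must be 1..255 bytes");
        req.push_back(kAtypDomain);
        req.push_back(static_cast<uint8_t>(host.size()));  // one-byte length prefix
        req.insert(req.end(), host.begin(), host.end());
    }
    req.push_back(static_cast<uint8_t>(port >> 8));    // DST.PORT, network byte order
    req.push_back(static_cast<uint8_t>(port & 0xff));
    return req;
}

int main() {
    // Constructed sample host; 64738 is Mumble's default port.
    for (uint8_t b : socks5ConnectRequest("example.onion", 64738))
        std::printf("%02x ", b);
    std::printf("\n");
    return 0;
}
```

A quick way to confirm a client behaves this way is to capture port 53 traffic while it connects through the proxy: no query for the target name should appear.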

mkrautz commented 8 years ago

Commit 08af66d53eb33bc25c4b4b841e121a1a5fb8cf8f closed this.

We still need to test whether .onion hosts can be properly resolved, but I don't see why not -- they're passed through to Tor now...

t2d commented 4 years ago

Sadly, Mumble is still unable to resolve .onion when using Tor as a SOCKS5 proxy. It works if I start it with torify mumble. Is there anything you can do to resolve the URL via proxy?

schtiehve commented 4 years ago

Is there anything that can be done about this? @t2d did you find any solution? Currently the only way for people to connect to a Mumble server running in Tor is by running Tails or a Linux distro where they can use torify/torsocks. Would be nice if they could be using their normal setups (on different operating systems) but still use Mumble securely via Tor.

Krzmbrzl commented 4 years ago

I'm sure something can be done. However, I don't see this as a priority for us right now. If you find a way to do this, we'd welcome a PullRequest :)

schtiehve commented 4 years ago

Sadly my developing skills are negligible. I was mostly frustrated since the patch from 5 years ago mentions .onions being resolvable but they still aren't. I guess I was kinda hoping that I just used it wrong, not that the feature was broken. But, of course, thank you to everyone who is putting work into this project. And if anyone wants to take on this issue I'd be happy to help with any debugging etc.