Package: dirmngr
Version: 2.1.17-2
Severity: important

Dear Maintainer,

After I tried to fetch keys through hkps, I was greeted with a "General error" message. When I retried with clear hkp, everything worked fine.

When I called dirmngr directly, I received the following error:

(...)
dirmngr[13694.0]: TLS verification of peer failed: hostname does not match
dirmngr[13694.0]: DBG: expected hostname: hkps.pool.sks-keyservers.net.
(...)

Full log is attached below. Downgrading to 2.1.16-3 fixed this issue (log is also below).

This issue seems to be related to #771666 (it might be a regression), it is also possible that it might be related to #849845 (just a guess).

Regards,
T.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dirmngr depends on:
ii  adduser        3.115
ii  libassuan0     2.4.3-2
ii  libc6          2.24-8
ii  libgcrypt20    1.7.5-2
ii  libgnutls30    3.5.7-3
ii  libgpg-error0  1.25-2
ii  libksba8       1.3.5-2
ii  libldap-2.4-2  2.4.44+dfsg-2
ii  libnpth0       1.3-1
ii  lsb-base       9.20161125

Versions of packages dirmngr recommends:
ii  gnupg  2.1.17-2

Versions of packages dirmngr suggests:
ii  tor  0.2.9.8-2

-- no debconf information

*** /home/tnnn/dev/storage/dirmngr-hostname-issue.log

## dirmngr 2.1.17-2 (hostname matching problem):

user@host:~$ echo -e "KEYSERVER hkps://hkps.pool.sks-keyservers.net\nKS_SEARCH 2071B08A33BD3F06\n" | dirmngr
dirmngr[13694]: error opening '/home/user/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[13694.0]: permanently loaded certificates: 0
dirmngr[13694.0]: runtime cached certificates: 0
# Home: /home/user/.gnupg
# Config: /home/user/.gnupg/dirmngr.conf
OK Dirmngr 2.1.17 at your service
OK
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.spodhuis.org'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'prod00.keyserver.dca.witopia.net'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'gpg.NebrWesleyan.edu'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:bc8:4700:2300::10:f15]'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'gozer.rediris.es'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:470:1:116::6]'
S PROGRESS tick ? 0 0
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'zimmermann.mayfirst.org'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org' [already known]
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ip-209-135-211-141.ragingwire.net'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu' [already known]
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'gpg.NebrWesleyan.edu' [already known]
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'gozer.rediris.es' [already known]
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.spodhuis.org' [already known]
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ams.sks.heypete.com'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'host-37-191-238-78.lynet.no'
dirmngr[13694.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cryptonomicon.mit.edu'
dirmngr[13694.0]: TLS verification of peer failed: hostname does not match
dirmngr[13694.0]: DBG: expected hostname: hkps.pool.sks-keyservers.net.
dirmngr[13694.0]: DBG: BEGIN Certificate 'server[0]':
dirmngr[13694.0]: DBG: serial: 75
dirmngr[13694.0]: DBG: notBefore: 2016-04-24 18:44:05
dirmngr[13694.0]: DBG: notAfter: 2017-04-24 18:44:05
dirmngr[13694.0]: DBG: issuer: CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO
dirmngr[13694.0]: DBG: subject: CN=sks.spodhuis.org,OU=PGP Keyserver,O=GlobNIX Systems,C=NL
dirmngr[13694.0]: DBG: hash algo: 1.2.840.113549.1.1.11
dirmngr[13694.0]: DBG: SHA1 fingerprint: 3B7F90096DBE8BCEC510652FB0485841A4F4062D
dirmngr[13694.0]: DBG: END Certificate
dirmngr[13694.0]: DBG: BEGIN Certificate 'server[1]':
dirmngr[13694.0]: DBG: serial: 00AF73C8B4CF9F808F
dirmngr[13694.0]: DBG: notBefore: 2012-10-09 00:33:37
dirmngr[13694.0]: DBG: notAfter: 2022-10-07 00:33:37
dirmngr[13694.0]: DBG: issuer: CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO
dirmngr[13694.0]: DBG: subject: CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO
dirmngr[13694.0]: DBG: hash algo: 1.2.840.113549.1.1.5
dirmngr[13694.0]: DBG: SHA1 fingerprint: 791B27A38E667F8027814D4E68E7C478A45D5A17
dirmngr[13694.0]: DBG: END Certificate
dirmngr[13694.0]: TLS connection authentication failed: General error
dirmngr[13694.0]: error connecting to 'https://sks.spodhuis.org:443': General error
dirmngr[13694.0]: command 'KS_SEARCH' failed: General error <Unspecified source>
ERR 1 General error <Unspecified source>

## dirmngr 2.1.16-3 (worked flawlessly):

user@host:~$ echo -e "KEYSERVER hkps://hkps.pool.sks-keyservers.net\nKS_SEARCH 2071B08A33BD3F06\n" | dirmngr
dirmngr[14969]: error opening '/home/user/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[14969.0]: permanently loaded certificates: 0
dirmngr[14969.0]: runtime cached certificates: 0
# Home: /home/user/.gnupg
# Config: /home/user/.gnupg/dirmngr.conf
OK Dirmngr 2.1.16 at your service
OK
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'prod00.keyserver.dca.witopia.net'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'oteiza.siccegge.de'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.spodhuis.org'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:470:1:116::6]'
S PROGRESS tick ? 0 0
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:bc8:4700:2300::10:f15]'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'gozer.rediris.es'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'gpg.NebrWesleyan.edu'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org' [already known]
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'oteiza.siccegge.de' [already known]
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'zimmermann.mayfirst.org'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'gpg.NebrWesleyan.edu' [already known]
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'gozer.rediris.es' [already known]
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.spodhuis.org' [already known]
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu' [already known]
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ams.sks.heypete.com'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cryptonomicon.mit.edu'
dirmngr[14969.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ip-209-135-211-141.ragingwire.net'
dirmngr[14969.0]: resolving 'ip-209-135-211-141.ragingwire.net' failed: No name
dirmngr[14969.0]: can't connect to 'ip-209-135-211-141.ragingwire.net': host not found
dirmngr[14969.0]: error connecting to 'https://ip-209-135-211-141.ragingwire.net:443': Unknown host
dirmngr[14969.0]: marking host 'ip-209-135-211-141.ragingwire.net' as dead
dirmngr[14969.0]: can't connect to '2001:470:1:116::6': Network is unreachable
dirmngr[14969.0]: error connecting to 'https://[2001:470:1:116::6]:443': Network is unreachable
dirmngr[14969.0]: marking host '[2001:470:1:116::6]' as dead
S SOURCE https://gpg.NebrWesleyan.edu:443
D info:1:1%0Apub:031EC2536E580D8EA286A9F22071B08A33BD3F06:1:2048:1414544163:1604045657:%0Auid:NIIBE Yutaka (GnuPG Release Key) <gni...@fsij.org>:1477383257::%0A%0D%0A
OK
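
A triage helper for logs like the one above, added here as an example and not part of the original report or of GnuPG: it extracts, for each "hostname does not match" failure, the expected hostname, the leaf certificate's subject CN and the host that was contacted, and records whether the expected name ends in a trailing dot. The function name `triage` and the finding fields are assumptions; the sample lines are excerpted from the 2.1.17 log in the report.

```python
import re

# Excerpt of the dirmngr 2.1.17 log quoted in the report above.
SAMPLE_LOG = """\
dirmngr[13694.0]: TLS verification of peer failed: hostname does not match
dirmngr[13694.0]: DBG: expected hostname: hkps.pool.sks-keyservers.net.
dirmngr[13694.0]: DBG: BEGIN Certificate 'server[0]':
dirmngr[13694.0]: DBG: subject: CN=sks.spodhuis.org,OU=PGP Keyserver,O=GlobNIX Systems,C=NL
dirmngr[13694.0]: DBG: END Certificate
dirmngr[13694.0]: DBG: BEGIN Certificate 'server[1]':
dirmngr[13694.0]: DBG: subject: CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO
dirmngr[13694.0]: DBG: END Certificate
dirmngr[13694.0]: error connecting to 'https://sks.spodhuis.org:443': General error
"""

# "dirmngr[PID.FD]: " prefix, optional "DBG:" tag, then the message text.
LINE = re.compile(r"^dirmngr\[(\d+)(?:\.\d+)?\]: (?:DBG:\s*)?(.*)$")

def triage(log_text):
    """Return one finding dict per 'hostname does not match' failure (hypothetical helper)."""
    findings, cur, cert = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2).strip()
        if msg.startswith("TLS verification of peer failed: hostname does not match"):
            cur = {"pid": pid, "expected": None, "leaf_cn": None, "connected_to": None}
            findings.append(cur)
        elif cur is None or pid != cur["pid"]:
            continue  # ignore lines before the first failure or from another process
        elif msg.startswith("expected hostname:"):
            cur["expected"] = msg.split(":", 1)[1].strip()
        elif msg.startswith("BEGIN Certificate"):
            cert = msg.split("'")[1]  # 'server[0]' is the leaf, later entries are issuers
        elif msg.startswith("subject:") and cert == "server[0]":
            cn = re.search(r"CN=([^,]+)", msg)
            cur["leaf_cn"] = cn.group(1) if cn else None
        elif msg.startswith("error connecting to") and cur["connected_to"] is None:
            cur["connected_to"] = msg.split("'")[1]
    for f in findings:
        exp = f["expected"] or ""
        f["trailing_dot"] = exp.endswith(".")
        # The log prints no subjectAltName entries, so a CN mismatch is only a hint.
        f["cn_matches_expected"] = (f["leaf_cn"] or "").lower() == exp.rstrip(".").lower()
    return findings
```

Running `triage` on the 2.1.16 log from the report returns an empty list, since that run never logs a verification failure.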