Thanks, Phil - I appreciate your help and your response.
Thanks, Dave Sent from my iPhone > On Jan 23, 2018, at 9:51 PM, Phil Pennock <gnupg-us...@spodhuis.org> wrote: > > Looks to me like a GnuPG bug. In fact, it looks very much like > https://dev.gnupg.org/T1447 which has been marked resolved. > > The hostname there is a CNAME to Amazon DNS, and my dirmngr logfile > records: > > 2018-01-23 21:28:10 dirmngr[70787.6] TLS verification of peer failed: > hostname does not match > 2018-01-23 21:28:10 dirmngr[70787.6] DBG: expected hostname: > keyserver-prod.v3jierkpjv.eu-west-1.elasticbeanstalk.com > > The untrusted name retrieved from DNS resolution of the CNAME record is > being used as the name for validation. > > The patches to address the issue seem to focus on SRV records, so > repaired one way in which the problem manifested, but either didn't fix > the underlying issue, or there's been a regression. > > I've opened a new ticket for the maintainers to track this. > https://dev.gnupg.org/T3755 > > -Phil _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
