Re: [Sks-devel] hkps and reverse proxy

2019-03-18 Thread Todd Fleisher
> On Mar 18, 2019, at 9:40 AM, fuat wrote:
> 
> hkps to be active ServerAlias I need to notify the servers I have
> defined?
> 
> everything works when I do apache proxy settings via static ip.
> however, sks-keyservers.net does not detect the sks that I run on local
> ip with apache when I make proxy from static ip to local ip.

I’m not sure I understand your question. Sounds like you are trying to access 
an apache virtual host over an IP address and are not getting the expected 
content.

> Finally, what is the meaning of these records?
> 
> Error handling request (POST, /pks/add, [
> Accept: */*
> Content-Length: 82
> content-type: application/x-www-form-urlencoded
> expect: 100-continue
> host: pool.sks-keyservers.net]): Failure ("Error while decoding ascii-armored key: text"
> 2019-03-18 19:34:00 Page not found: /pks/lookup/undefined1
>  prompt ('CVE-2014-3207') 

See https://bitbucket.org/skskeyserver/sks-keyserver/issues/26/cve-2014-3207-unfiltered-xss


-T



signature.asc
Description: Message signed with OpenPGP
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel


Re: [Sks-devel] hkps and reverse proxy

2019-03-18 Thread Todd Fleisher

> On Mar 18, 2019, at 11:06 AM, fuat wrote:
> 
> hkps on my server is running.

That sounds accurate, based on what I am seeing @ https://sks.teknoloji360.com 


> ...
> 
> do I need to add hkps servers to my membership file?

The membership file controls recon and takes place over a specific port outside 
the realm of HKP vs. HKPS. Your membership file should contain a list of 
servers that have agreed to peer with you & their tcp port numbers. Per the 
following excerpt from
https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering (under Add Peers):

Note that the membership lines only provide the SKS recon port; key retrieval 
will happen on a port number one greater than the recon port. Thus recon lines 
are normally on port 11370 and retrieval happens on the normal HKP 11371 port.

-T
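
The membership rule quoted in the reply above, as an added example that is not part of the original thread or the SKS project: a small linter that accepts only `host recon-port` lines, derives the retrieval port as recon + 1, and flags entries that carry an HKP/HKPS client port or a URL. The peer hostnames are constructed placeholders; the ports 11370, 11371 and 443 are the ones mentioned in the thread.

```python
import re

CLIENT_PORTS = {11371, 443}   # HKP and HKPS ports from the thread; not recon ports

# Constructed sample membership file; the *.example peers are placeholders.
SAMPLE_MEMBERSHIP = """\
# peers that have agreed to recon with this server
sks.teknoloji360.com 11370
keys.peer-a.example 11370   # Admin A <a@peer-a.example> 0xDEADBEEF
keys.peer-b.example 11371
hkps://keys.peer-c.example 443
keys.peer-d.example
keys.peer-e.example 21370
"""

def lint_membership(text):
    """Return (peers, findings).

    peers:    list of (host, recon_port, retrieval_port)
    findings: list of (line_number, message) for lines that need fixing
    """
    peers, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # strip comments
        if not line:
            continue
        fields = line.split()
        if "://" in fields[0]:
            findings.append((lineno, "URL given; membership takes 'host port'"))
            continue
        if len(fields) != 2 or not re.fullmatch(r"[0-9]{1,5}", fields[1]):
            findings.append((lineno, "expected exactly 'host port'"))
            continue
        host, port = fields[0], int(fields[1])
        if not 1 <= port <= 65534:                   # leave room for port + 1
            findings.append((lineno, f"recon port {port} out of range"))
        elif port in CLIENT_PORTS:
            findings.append((lineno, f"port {port} is an HKP/HKPS port, not recon"))
        else:
            peers.append((host, port, port + 1))     # retrieval = recon + 1
    return peers, findings

if __name__ == "__main__":
    ok, bad = lint_membership(SAMPLE_MEMBERSHIP)
    for host, recon, hkp in ok:
        print(f"peer {host}: recon {recon}, retrieval {hkp}")
    for lineno, msg in bad:
        print(f"line {lineno}: {msg}")
```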





Re: [Sks-devel] hkps and reverse proxy

2019-03-18 Thread fuat
hkps on my server is running.

[fuat@fuxproject ~]$ gpg2 --keyserver hkps://sks.teknoloji360.com --recv-key D6379D85
gpg: key 0B7F8B60E3EDFAE3: 1223 signatures not checked due to missing keys
gpg: anahtar 0B7F8B60E3EDFAE3: "Kristian Fiskerstrand <kristian.fiskerstr...@sumptuouscapital.com>" değişmedi
gpg: İşlenmiş toplam miktar: 1
gpg: değişmedi: 1

apache virtualhost.


ServerAdmin  i...@teknoloji360.com
ServerName   sks.teknoloji360.com

ServerAlias  http-keys.gnupg.net
 
ServerAlias  eu.pool.sks-keyservers.net
ServerAlias  na.pool.sks-keyservers.net

ServerAlias  pool.sks-keyservers.net
ServerAlias  ipv4.pool.sks-keyservers.net
ServerAlias  hkps.pool.sks-keyservers.net
ServerAlias  subset.pool.sks-keyservers.net
...

named zone

; The Domains OpenPGP Keyserver Service
_hkp._tcp.sks.teknoloji360.com.           IN  SRV 10 10 11371 sks.teknoloji360.com.
_pgpkey-http._tcp.sks.teknoloji360.com.   IN  SRV 10 10 11371 sks.teknoloji360.com.
_pgpkey-https._tcp.sks.teknoloji360.com.  IN  SRV 10 10   443 sks.teknoloji360.com.
sks.teknoloji360.com.                     IN  A   185.126.179.97
...

; OpenPGP PKA Records
info._pka IN  TXT ("v=pka1;fpr=CE093A9439F29DDD82E73E835E17DF6833F048DF;"
                   "uri=https://teknoloji360.com/keys/0x33F048DF.asc")
fuat._pka IN  TXT ("v=pka1;fpr=F0D4521D60378B67CE64665EE7C9735903E48A51;"
                   "uri=https://teknoloji360.com/keys/0x03E48A51.asc")
...


do I need to add hkps servers to my membership file?


On Mon, 2019-03-18 at 19:40 +0300, fuat wrote:
> hkps to be active ServerAlias I need to notify the servers I have
> defined?
> 
> everything works when I do apache proxy settings via static ip.
> however, sks-keyservers.net does not detect the sks that I run on local
> ip with apache when I make proxy from static ip to local ip.
> 
> Finally, what is the meaning of these records?
> 
> Error handling request (POST, /pks/add, [
> Accept: */*
> Content-Length: 82
> content-type: application/x-www-form-urlencoded
> expect: 100-continue
> host: pool.sks-keyservers.net]): Failure ("Error while decoding ascii-armored key: text"
> 2019-03-18 19:34:00 Page not found: /pks/lookup/undefined1
>  prompt ('CVE-2014-3207') 
> 
> I'd appreciate it if you could help.
> 
> -- 
> ┌--┐
> > Fuat Bölük  fuat[at]teknoloji360[dot]com |
> > --|
> > -- hkps://sks.teknoloji360.com/ --|
> > --|
> > F0D4521D60378B67CE64665EE7C9735903E48A51 |
> └--┘
> -- 
>  I do not know english. I'm using translate.
-- 
┌--┐
| Fuat Bölük  fuat[at]teknoloji360[dot]com |
|--|
|-- hkps://sks.teknoloji360.com/ --|
|--|
| F0D4521D60378B67CE64665EE7C9735903E48A51 |
└--┘
-- 
 I do not know english. I'm using translate.
-- 

