On 2012-12-02 at 10:23 -0500, David Shaw wrote:
> On Oct 6, 2012, at 10:20 PM, Phil Pennock <sks-devel-p...@spodhuis.org> wrote:
> > GnuPG folks (since this is cross-posted, if my mail makes it through):
> >
> > there is a bug in GnuPG's SRV handling, I've identified where I think
> > it is, it's in the second block of text from me; the first part of this
> > mail relates to SKS and some policy issues around the new keyserver
> > pool Kristian has added.
>
> Somehow I didn't notice this mail when it originally came through. Anyway,
> thanks for the report. Clearly the port supplied in the SRV should be
> honored.
>
> Can you try the attached patch (against 2.0)?
Might be a sleep issue, but I'm having trouble persuading gpg2 to use
gpgkeys_hkp instead of gpgkeys_curl, or even telling them apart from
"--keyserver-options debug,verbose" output. I'm going to bail and grab
coffee, but here's what I have for testing, which should make it easy for
you to test too.

For testing, I have:

  keyserver.spodhuis.org: A, AAAA, and SRV records _pgpkey-http/_pgpkey-https
  keytest.spodhuis.org:   just the SRV records, pointing to keyserver.spodhuis.org

all on non-standard ports:

----------------------------8< cut here >8------------------------------
keyserver                   IN A    94.142.241.93
keyserver                   IN AAAA 2a02:898:31:0:48:4558:73:6b73
_pgpkey-http._tcp.keyserver  IN SRV  10 10 11374 keyserver
_pgpkey-https._tcp.keyserver IN SRV  10 10 11373 keyserver
_pgpkey-http._tcp.keytest    IN SRV  10 10 11374 keyserver
_pgpkey-https._tcp.keytest   IN SRV  10 10 11373 keyserver
----------------------------8< cut here >8------------------------------

There is a proxy (nginx) listening on both ports, it will insert a correct
identifying Via: header to confirm from the server-side which port was used,
and the cert presented on 11373 is my normal cert, which should match names.
You can grab the CA from:

  https://www.security.spodhuis.org/CA/globnixCA3.crt

for use as --keyserver-options ca-cert-file=/.../globnixCA3.crt

----------------------------8< cut here >8------------------------------
% ls -ld =gpg2
-r-xr-xr-x  1 root  wheel  685696 Dec  2 19:33 /usr/local/bin/gpg2
% gpg2 --keyserver-options debug,verbose --keyserver hkp://keytest.spodhuis.org/ --recv-key $gpg_key
gpg: requesting key 0x403043153903637F from hkp server keytest.spodhuis.org
gpgkeys: curl version = GnuPG curl-shim
Host:           keytest.spodhuis.org
Command:        GET
* HTTP proxy is "null"
* HTTP URL is "http://keytest.spodhuis.org:11371/pks/lookup?op=get&options=mr&search=0x403043153903637F"
* HTTP auth is "null"
* HTTP method is GET
gpg: key 0x403043153903637F: "Phil Pennock <phil.penn...@globnix.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
----------------------------8< cut here >8------------------------------

Yeah, I installed the patched version as the system gpg2. I built with
FreeBSD Ports, which has gnupg-2.0.19, by doing:

  make patch
  patch -p1 <~/bug1446.patch
  make
  make FORCE_PKG_REGISTER=t install

What am I doing wrong?

Thanks,
-Phil
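The SRV-to-URL step that the debug output above shows going wrong, as an added example (editor's code, not GnuPG's and not from Phil's or David's mail): ZONE mirrors the _pgpkey-http records from the zone snippet, select_srv applies RFC 2782 ordering (lowest priority, weighted among ties), and hkp_lookup_url builds the /pks/lookup URL either ignoring SRV (use_srv=False, which reproduces the URL in the log) or honouring the SRV target and port. The function names and the offline ZONE table are illustrative; a real client would obtain the records from a DNS query.

```python
import random
from urllib.parse import quote

# The _pgpkey-http SRV records from the zone snippet above, embedded as constructed
# data so this runs offline. Tuples are (priority, weight, port, target).
ZONE = {
    "_pgpkey-http._tcp.keytest.spodhuis.org": [(10, 10, 11374, "keyserver.spodhuis.org")],
    "_pgpkey-http._tcp.keyserver.spodhuis.org": [(10, 10, 11374, "keyserver.spodhuis.org")],
}
DEFAULT_HKP_PORT = 11371  # the port gpg fell back to in the debug output


def select_srv(records, rng=None):
    """RFC 2782 selection: lowest priority wins; ties are broken by weight."""
    rng = rng or random.Random()
    best = min(r[0] for r in records)
    tied = [r for r in records if r[0] == best]
    total = sum(r[1] for r in tied)
    if total == 0:
        return rng.choice(tied)
    pick = rng.randrange(total)
    for rec in tied:
        pick -= rec[1]
        if pick < 0:
            return rec
    return tied[-1]  # not reachable; keeps the return type total


def hkp_lookup_url(host, keyid, use_srv=True, zone=ZONE):
    """Build the HKP GET URL for `host` and `keyid`.

    use_srv=True  consults the _pgpkey-http SRV record and honours both its
                  target and its port (what David's fix is meant to achieve).
    use_srv=False skips SRV entirely, giving the host:11371 URL from the log.
    """
    target, port = host, DEFAULT_HKP_PORT
    records = zone.get(f"_pgpkey-http._tcp.{host}") if use_srv else None
    if records:
        _, _, srv_port, srv_target = select_srv(records)
        if srv_target != ".":  # a lone "." means "service explicitly not offered"
            target, port = srv_target.rstrip("."), srv_port
    path = f"/pks/lookup?op=get&options=mr&search={quote(keyid)}"
    return f"http://{target}:{port}{path}"


if __name__ == "__main__":
    for flag in (False, True):
        url = hkp_lookup_url("keytest.spodhuis.org", "0x403043153903637F", use_srv=flag)
        print(f"use_srv={flag}: {url}")
```

With the nginx Via: header described above, the port in the URL the client actually fetches is exactly what the server side can confirm.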
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel