Bug 1479: GnuPG curl-shim TCP half-close harms HTTP interop

David Shaw dshaw at jabberwocky.com
Fri Mar 1 23:46:53 CET 2013


On Mar 1, 2013, at 5:24 PM, Phil Pennock <gnupg-devel at spodhuis.org> wrote:

> On 2013-02-28 at 14:09 -0500, David Shaw wrote:
>> Pretty easy case.  All set.  This isn't an issue on master, by the way.  The logic is reversed on that branch so there is only a shutdown when specifically requested - and it isn't requested.
> 
> In diagnosing whether a fix for this works, there's a problem that GnuPG
> both retrieves a key and reports that it failed.
> 
> I think that the shim is failing to set whatever flag is referenced as
> ctx.flags.done in the gpgkeys_hkp.c code.
> 
> ----------------------------8< cut here >8------------------------------
> % /usr/local/libexec/gpg2keys_hkp
> COMMAND GET
> HOST keys2.kfwebs.net
> PORT 11371
> SCHEME hkp
> 
> KEY 403043153903637F
> 
> ----------------------------8< cut here >8------------------------------
> 
> Get:
>  KEY 0xKEY 403043153903637F BEGIN
>  * HTTP host:port post-SRV is "keys2.kfwebs.net:11371"
>  -----BEGIN PGP PUBLIC KEY BLOCK-----
> [...]
>  m3QmaaAfDDkAn0EfIzN9wDIdYGM6p5eihu2vZAfIiGQEExECACQFCQWjmoACF4AGCwkIBwMC
>  gpgkeys: key KEY 403043153903637F not found on keyserver
>  AxUCAwMWAgECHgEFA
>  KEY 0xKEY 403043153903637F FAILED 6
> 
> In fact, the struct CURL's flags field from curl-shim.h doesn't include
> a done field, so I'm not sure why this compiles.  At least, when I look
> at current git on the STABLE-BRANCH-2-0 branch.

I think you are confused.  The structure ctx is a struct curl_writer_ctx, not a struct CURL.  It's defined in ksutil.h.

Why did you put "KEY" in front of the key ID of the key?  GPG doesn't do that.

Aside from those two points, this works for me.  You snipped most of the output, so the best guess I can give you is that for some reason you're missing the "-----END PGP PUBLIC KEY BLOCK-----".

David
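
The closing guess in the reply above (a response that never delivers its "-----END PGP PUBLIC KEY BLOCK-----" line) can be checked with a small stream scanner. This is an added example, not code from the post or from GnuPG. The names armor_ctx, armor_feed, armor_complete and both SAMPLE_ strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define BEGIN_MARK "-----BEGIN PGP PUBLIC KEY BLOCK-----"
#define END_MARK   "-----END PGP PUBLIC KEY BLOCK-----"

/* Hypothetical writer state for this example; not GnuPG's struct. */
struct armor_ctx {
    char line[128];      /* current line, carried across chunk boundaries */
    size_t len;
    unsigned begun : 1;  /* BEGIN line seen */
    unsigned done : 1;   /* END line seen after BEGIN */
};

/* Consume one chunk, as a transfer write callback would receive it. */
static void armor_feed(struct armor_ctx *ctx, const char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        char c = buf[i];
        if (c == '\r')
            continue;                       /* tolerate CRLF line endings */
        if (c != '\n') {
            if (ctx->len < sizeof ctx->line - 1)
                ctx->line[ctx->len++] = c;  /* overlong lines are truncated */
            continue;
        }
        ctx->line[ctx->len] = '\0';
        if (!ctx->begun && strcmp(ctx->line, BEGIN_MARK) == 0)
            ctx->begun = 1;
        else if (ctx->begun && strcmp(ctx->line, END_MARK) == 0)
            ctx->done = 1;
        ctx->len = 0;
    }
}

/* Feed resp in chunk-sized pieces (chunk > 0); 1 only if a whole block arrived. */
static int armor_complete(const char *resp, size_t chunk)
{
    struct armor_ctx ctx = {0};
    size_t n = strlen(resp);
    for (size_t off = 0; off < n; off += chunk)
        armor_feed(&ctx, resp + off, n - off < chunk ? n - off : chunk);
    armor_feed(&ctx, "\n", 1);              /* flush a final unterminated line */
    return ctx.begun && ctx.done;
}

/* Constructed sample responses (not real key material). */
static const char SAMPLE_OK[]  = BEGIN_MARK "\r\n\r\nbQ==\r\n=abcd\r\n" END_MARK "\r\n";
static const char SAMPLE_CUT[] = BEGIN_MARK "\r\n\r\nbQ==\r\n-----END PGP PUB";
```

Because the line buffer persists between calls, a marker split across two chunks is still recognised, and a transfer that ends mid-marker leaves the done flag clear.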



