Bug 1479: GnuPG curl-shim TCP half-close harms HTTP interop

Phil Pennock gnupg-devel at spodhuis.org
Sat Mar 2 08:41:51 CET 2013


On 2013-03-01 at 20:19 -0500, David Shaw wrote:
> So, is your setup unusual in any way?  Are you going through a proxy?
> What platform are you running on?  Which (exact) version of the GPG
> code are you running?  Does it happen when building with curl (yes, I
> understand you saw it when verifying a bug that only applies to
> curl-shim).  Does it work when you don't apply the shutdown patch?

I edited this information out of my reply and only just realised, sorry.

The issue is observed in GnuPG 2.0.19 with curl-shim, without the
shutdown patch.  If I remove the shutdown from common/http.c then the
problem disappears.

Because the core issue is truncated results, I should have been clearer
about how this isn't so much version-specific in GnuPG.  Still, since
connections can still be reset for other reasons, albeit normally not so
repeatably, more strident error reporting for truncated results might
help keep users from assuming they got the key after all.

If we can get a big

  WARNING: results truncated, likely missing signatures

in the output from GnuPG, whenever the final armor line is missing,
it'll be much clearer than "no keys found, but oh we imported key data
anyway".

-Phil
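
The check proposed in the message above (warn whenever the final armor line is missing), sketched as an added example; this is not GnuPG's code and not part of the original post. The names `scan_armor` and `is_marker` are hypothetical, the input is a constructed sample, and only the BEGIN/END marker lines are examined, not the armor checksum.

```c
#include <stdio.h>
#include <string.h>

/* Counts of armored blocks found in a keyserver response body. */
struct armor_scan {
    int complete;   /* BEGIN line followed by a full END line */
    int truncated;  /* BEGIN line seen, END line never arrived intact */
};

/* True if the line is "<pfx>...-----", ignoring trailing CR/space. */
static int is_marker(const char *line, size_t n, const char *pfx)
{
    size_t p = strlen(pfx);
    while (n && (line[n - 1] == '\r' || line[n - 1] == ' '))
        n--;
    return n >= p + 5 && !memcmp(line, pfx, p)
        && !memcmp(line + n - 5, "-----", 5);
}

struct armor_scan scan_armor(const char *buf, size_t len)
{
    struct armor_scan r = {0, 0};
    int open = 0;                       /* inside a block awaiting END */

    for (size_t i = 0; i < len; ) {
        const char *line = buf + i;
        const char *nl = memchr(line, '\n', len - i);
        size_t n = nl ? (size_t)(nl - line) : len - i;

        if (is_marker(line, n, "-----BEGIN PGP ")) {
            r.truncated += open;        /* previous block never closed */
            open = 1;
        } else if (open && is_marker(line, n, "-----END PGP ")) {
            r.complete++;
            open = 0;
        }
        i += n + (nl ? 1 : 0);
    }
    r.truncated += open;                /* data ended mid-block */
    return r;
}

int main(void)
{
    /* Constructed sample: connection reset before the END line arrived. */
    const char cut[] = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQENBFEx\n";
    if (scan_armor(cut, strlen(cut)).truncated)
        fputs("WARNING: results truncated, likely missing signatures\n", stderr);
    return 0;
}
```

An END line cut off mid-line is also counted as truncated, because the marker must finish with its closing five dashes.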


