Dirmngr now supports hkps

Werner Koch wk at gnupg.org
Wed May 7 17:04:51 CEST 2014


On Tue,  6 May 2014 19:45, kristian.fiskerstrand at sumptuouscapital.com
said:

> 8412a5825c225c8ff14de3ffaad2e55e040b2eca `make -j4` fails on my
> computer with ERROR described below. As of

Fixed.

> Also, if using --program-prefix='gpg2.1-' gpg fails to locate the
> dirmngr,

Better use --prefix or --exec-prefix to put that version into a
different directory.  To allow for an arbitrary prefix we need to tell
this common/homedir.c:gnupg_module_name.  There is an option to install
gpg2 as gpg but for the other tools you would need to tell configure the
full file name of the tools
(e.g. --with-agent-pgm=/usr/local/bin/gpg2.1-gpg-agent) which is not
that nice.  You may want to file a bug so that we do not forget about
this missing feature.

> Out of curiosity (as I haven't had time to look deeply enough into the
> source code yet), how does dirmngr handle SNI in the case of the hkps
> pool being resolved to multiple client? Does it still present itself
> as SNI=hkps.pool.sks-keyservers.net when contacting individual

We use the name of the actual server.  Basically we do this:

      if (!getaddrinfo (name, NULL, &hints, &aibuf))
         for (ai = aibuf; ai; ai = ai->ai_next)
            getnameinfo (ai, tmphost, sizeof tmphost)

and then use TMPHOST to connect to the host.  TMPHOST is then also given
as SNI.  If the server can't be resolved this is likely a problem because
the code will use the IP address as server name.  The HTTP code does not
know about the pools, it takes a URL and applies proxy settings and
resolves SRV records.


Shalom-Salam,

   Werner
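
The lookup sketched in the message above, written out as an added example that is not part of the original message and is not dirmngr's code. It flags the case where the reverse lookup yields only an IP literal, which RFC 6066 does not permit as an SNI HostName. The names `is_ip_literal` and `name_for_addr` are hypothetical, and the `getnameinfo` flags value of 0 is an assumption.

```c
/* Added example, not dirmngr source; function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>

/* Return 1 if S is a literal IPv4 or IPv6 address, else 0. */
int is_ip_literal (const char *s)
{
  unsigned char buf[sizeof (struct in6_addr)];
  return inet_pton (AF_INET, s, buf) == 1
         || inet_pton (AF_INET6, s, buf) == 1;
}

/* Reverse-resolve one address into HOST.  Returns 1 if HOST is a DNS
   name, 0 if only the numeric address came back, -1 on error.  With
   flags 0 (assumed here) getnameinfo falls back to the numeric form
   when no name can be found.  */
int name_for_addr (const struct sockaddr *sa, socklen_t salen,
                   char *host, size_t hostlen)
{
  if (getnameinfo (sa, salen, host, hostlen, NULL, 0, 0))
    return -1;
  return !is_ip_literal (host);
}

int main (int argc, char **argv)
{
  const char *name = argc > 1 ? argv[1] : "localhost";
  struct addrinfo hints, *aibuf, *ai;
  char tmphost[1025];  /* Same size as glibc's NI_MAXHOST.  */

  memset (&hints, 0, sizeof hints);
  hints.ai_socktype = SOCK_STREAM;  /* One result per address.  */
  if (getaddrinfo (name, NULL, &hints, &aibuf))
    return 1;
  for (ai = aibuf; ai; ai = ai->ai_next)
    {
      int rc = name_for_addr (ai->ai_addr, ai->ai_addrlen,
                              tmphost, sizeof tmphost);
      if (rc >= 0)
        printf ("%s -> %s%s\n", name, tmphost,
                rc ? "" : "  (IP literal: not a valid SNI HostName)");
    }
  freeaddrinfo (aibuf);
  return 0;
}
```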




