RFC: retry keyservers without SRV

Luis R. Rodriguez mcgrof at kernel.org
Tue Nov 21 02:27:14 CET 2017

I have an R6300v2 which, after a firmware upgrade, it seems now replies to SRV
queries for _pgpkey-https and others as a "format error". I've captured tcpdumps
for it and they are on file.

I figured something like the below would work as it retries without the SRV if it
first failed with it, but no go so far. This is a slightly odd issue for an AP/router
to have though, especially since it seems to have been a firmware regression if this
is the mechanism we've had in place for a long time. Otherwise I guess this is a
regression due to an even older bug where it was reported _hkp_tcp SRV record doesn't

If this was a firmware regression, it begs the question what might have motivated
Netgear to reply in such a way, and one then wonders what other APs out there
followed similar logic.

Sadly to the user, this just seems like gpgp doesn't work, given something so simple
as a search for a key fails, even if "DNS" seems to be working. In my case no matter
what I used as my keyserver, nothing worked, and it seems it's because we default to
SRV _pgpkey* stuff first always now and never retry without SRV.

[0] https://dev.gnupg.org/T3517
[1] https://dev.gnupg.org/T2451

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 4a0b08f4f..1ba307828 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1459,8 +1459,17 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
     err = make_host_part (ctrl, uri->scheme, uri->host, uri->port,
                           reselect, uri->explicit_port,
                           &hostport, &httpflags, &httphost);
-    if (err)
-      goto leave;
+  /*
+   * Some buggy Routers (R6300v2) treat _pgpkey-https.tcp SRV queries
+   * as invalid queries, as a query format error. One has no other
+   * option but to retry without SRV.
+   */
+    if (err) {
+      if (reselect)
+        goto leave;
+      reselect = 1;
+      goto again;
+    }
     searchkey = http_escape_string (pattern, EXTRA_ESCAPE_CHARS);
     if (!searchkey)
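Review bot: In the new "if (err)" block of ks_hkp_search, the retry only sets "reselect = 1" before "goto again", and the make_host_part call shown above it is then repeated with the same scheme, host and port, so nothing visible here asks for a lookup without SRV as the comment promises. If reselect does not already suppress the SRV query inside make_host_part, the second pass repeats the failing lookup; the retry needs an explicit way to skip SRV. The block also retries on every error value, not only the DNS format error the comment describes, so it would be better to test err for that specific failure before looping. The comment is indented two columns less than the code it documents, and the opening brace on the "if (err) {" line does not match the brace placement used in the second hunk of this same patch.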
@@ -1603,7 +1612,12 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
                         reselect, uri->explicit_port,
                         &hostport, &httpflags, &httphost);
   if (err)
-    goto leave;
+    {
+    if (reselect);
+      goto leave;
+    reselect = 1;
+    goto again;
+    }
   xfree (request);
   request = strconcat (hostport,
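Review bot: The line "if (reselect);" in ks_hkp_get ends with a stray semicolon, so the if has an empty body and the following "goto leave;" runs unconditionally. That leaves "reselect = 1; goto again;" as dead code, and this path never retries at all, which is the opposite of what the first hunk does. Drop the semicolon so it reads "if (reselect)" followed by "goto leave;", and indent the statements inside the braces so the misleading layout does not hide the problem. This hunk also lacks the explanatory comment that the ks_hkp_search hunk carries.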
