SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Jason Harris jharris at
Thu Aug 4 06:24:27 CEST 2005

On Wed, Aug 03, 2005 at 08:44:18PM -0400, David Shaw wrote:
> On Wed, Aug 03, 2005 at 08:18:35PM -0400, Jason Harris wrote:

> > Looking at ,
> > this might do the trick:
> > 
> >   curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); 
> > 
> > if any connection, which always seems to prefer IPv6, doesn't
> > at first succeed.
> I'm not sure.  CURL_IPRESOLVE_V4 is documented to force the connection
> to IPv4.  That is, it'll ignore IPv6 addresses altogether, rather than
> try to connect and then fail over within curl.  What happens if you
> add a "-4" to the command line above?  That sets CURL_IPRESOLVE_V4.

(That works fine, of course.)

> Also, going back to the original problem, can you send me the output
> when you try fetching a key with "--keyserver-options debug" set?

OK, with --recv I see it falls back from v6 to v4, which is good, but it
fails with --send:

  %gpg --keyserver-options debug --keyserver --send ...
  gpg: sending key ... to hkp server
  Command:        SEND
  gpgkeys: HTTP URL is `'
  * About to connect() to port 11371
  *   Trying 2001:1418:13:10::1... * Failed to connect to 2001:1418:13:10::1: No route to host
  * Undefined error: 0
  *   Trying * connected
  * Connected to ( port 11371
  > POST /pks/add HTTP/1.1
  Accept: */*
  Content-Length: 2246
  Content-Type: application/x-www-form-urlencoded
  Expect: 100-continue

  < HTTP/1.1 100 Continue
  * The requested URL returned error: 500
  * Closing connection #0
  gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host

However, this seems to be specific to SKS.  My SKS log reports:

2005-08-04 ... ... Error handling request (POST,/pks/add,[+accept:*/*+content-length:2246+content-type:application/]): Scanf.Scan_failure("scanf: bad input at char number 8: looking for =, found %")

so the connection is being made (in this case via IPv4; skylane also has
an AAAA record).  Moreover, the error messages from curl are confusing this

Thus, in reality, the "Expect: 100-continue" header appears to be confusing
SKS (during POSTs).

Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at _|_ web:
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050804/690a6885/attachment.pgp

More information about the Gnupg-users mailing list